247ef06508859bb6aa9aa3056ee20176df3898d2c674257f9ffbfdaaaef48f2b

General

Target

18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
Size

60KB
MD5

18b75851a7e6a3c981c92048d4506af0
SHA1

191162ffe238770d32560c047400692f70946e7d
SHA256

247ef06508859bb6aa9aa3056ee20176df3898d2c674257f9ffbfdaaaef48f2b
SHA512

2ed6a566a12e9b0bb1f78d14d07198f8967a673fe8cf4b0649d816671f3c51069db59acbd43bdfe6ea374c0998794d6d2fa48e578c160c9d98c6a85fff827dcd
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJW:W7Z9pApQESOHepOHe8G+6E65TGAm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3832) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\settings.html.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationFramework.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\SETUP.XML.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_2.jtp.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEWDAT.DLL.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwmon.dll.mui.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\weather.css.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\settings.css.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\gadget.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1688

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
60KB

MD5
6d0276728b2d23cb0c0c7afd73a3aad0

SHA1
7a2eedcec6da5f2344dd9fd7fba3cdde031aeb1f

SHA256
ccb20214955a4e2782b82e5f0ff0e54024cb1f58b8c67b183b3b9a1d7a2747f2

SHA512
1e576f35bed70f6c400fe6b9c92c78c3ad02f0cd2d5c970785c91d6b4d6f2b1b0ac6ed9604e93a7d687019c8e951df88502c0efb5355dde5ed2bde3d5e670425

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
69KB

MD5
1d5319fa3f51236372905492b46d867a

SHA1
112379e8c5b3e360478647bf122f367894310476

SHA256
11aef0da44fa7d5ab94b9ab48cc2a5c08c9be86670b4009c95d7e72192c48c84

SHA512
c8117eb2b755550675d9273bec846326768b13fc488b0c3b5341b4904ff195b7a3299ce73a5e9ab6e59c23b760757d2c7a668030d3b4a6b12db252042a781dd6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads