5b5705012a5f0f35b822be3156bd51bcfe05109451fbb531a73efdaadd61e84c

General

Target

7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
Size

72KB
MD5

7b1361e6bbe682943d958ef33084e3e0
SHA1

190471b4f546313a502a12c24c550bc55ee746f8
SHA256

5b5705012a5f0f35b822be3156bd51bcfe05109451fbb531a73efdaadd61e84c
SHA512

9872879acafdde1efdbc6af1e67182d651414f11748a924a8ceea136470b10710511c50f93a9b753009a5353a2d89c081438b8d03ba9c8f3de09cf45b8fdfafd
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJk:W7Z9pApQESOHepOHe8G+6E65TGA3v8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3449) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsvorepository_plugin.dll.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7b1361e6bbe682943d958ef33084e3e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2168

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
73KB

MD5
6fa419260d3a888b326b9902df5f4631

SHA1
dc36d041168d7b2f6b297b9d27abe62eb84c28d7

SHA256
c18ea83d307fd733c069372513b14147dec212b5356a16c3e706ec21d146f80b

SHA512
7c5b24a3bfd6d8564bcbe74481233adca87ebf7427ddf2a87e38a44d3c38e281ec7cec08a9fdcffe4bd541b600c15f213131de7b35783c4e8000719d7c4c7fb0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
82KB

MD5
3f7400e976a658a987e0946259017f7f

SHA1
d7cff55b322f3a951c89e51913039124a3a9a595

SHA256
9859cb663b27b8629b940a79b2a4410d296a42ae282b905f324a96aa17870273

SHA512
1b0d9ebc5fa6106fd432bc33614c062a8b7c8e67fa6a2c0d1d9a901d64f45273227f5a96ac4f81411a1b9337d405c767412b1a9cb338d119af78f1e5a6c27681

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads