37c39164871fbcd82efd97cd3742d06fd91feb7b4c2388e359d3313a23f5faf3

General

Target

50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
Size

89KB
MD5

50929cc10501e493471e20541143e0f0
SHA1

0c616da844f9556f3522f2c52d5e18d2c013fda1
SHA256

37c39164871fbcd82efd97cd3742d06fd91feb7b4c2388e359d3313a23f5faf3
SHA512

67b16c7fa0581490573d772d515ac6c6f312737ae5cdbed5de8b0f3377a5c02d7a89f0a13e166ae3c7e68ebad048ba32ac120d6bb844adfd7b97c4c72f105cb2
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNv:6rWpcOPxPke+e3fFpsJOfFpsJbgEd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3572) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\slideShow.css.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.aup.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwmon.dll.mui.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\library.js.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\settings.css.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Acrofx32.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1640

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
89KB

MD5
e63e466e2ef442e9f3eb4e7cba0dd3a9

SHA1
516d14b5977b7c8a697a4adf8ff68cfea9238d18

SHA256
ba6dc0a381239d9946b8c28e9c28f065adac2a6fc92f18e31f9b58edd5981e53

SHA512
18f5831ca564c3018865e603d1be6435bfcc51f9d2cc585d73d7c6c7148a03d4486dbdef2bf9671eb8626898ade96ec3ad88d6c1658043bdaa9956fafc52dfd0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
98KB

MD5
bab5cfc07ae99a11657ef27e55fd80bb

SHA1
b42da2759e36ff7e4a8b4c79b998d0eae04e14ec

SHA256
7b3cc284b0b08c8b3f968f25272d48058eaf4aad09d95cb3562100bd97f8039d

SHA512
088c25263f9463a6567e355e48c34cdaa12366ac797cf2dc4ee237cdabe743ea00ded3fcd80a5ba77af699921c7e1b634cd7893fb30d9862f52b231bfc5f96aa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads