f284acde153e1495e7a7054b0c040aa9e8cb9409ba741f661068c2b07d5d1001

General

Target

879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
Size

77KB
MD5

879e0f90cb2708bf342c4daf5c06c7b0
SHA1

4005169a0f7438816f0b3aacb228c6a506cf3e3a
SHA256

f284acde153e1495e7a7054b0c040aa9e8cb9409ba741f661068c2b07d5d1001
SHA512

4c552cc1a322884421aa25259febc388d29fc898217733c68386cd8fdd91bc2aba2592c31f3b1fd69569fd6a272338e62e7f091fdfd2b60f82234af5723eb21a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/t:6e7WpMaxeb0CYJ97lEYNR73e+eKZt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3549) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\SendHide.eprtx.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\slideShow.js.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Portable Devices\sqmapi.dll.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png.tmp	879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\879e0f90cb2708bf342c4daf5c06c7b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1936

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
77KB

MD5
9c8ee1984891e10a9cd89cc974579e94

SHA1
1406fc70964c8bc21bcc791eaddb5c2562eaca86

SHA256
ab0825cc13f9ec1f03c41c60fc0db309c5fc1a898c25a44fe50ce7952535d2fd

SHA512
33849b2dcc1559dc38b34c5de5962b08e007e713f0120ee07a3d3b2ae353d7ee96825c596f0a634b5056a8aa0d84ecdc9f33da9d4877ef57a6a690829338093a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
86KB

MD5
dbe79ea1a1fbedeef88c75cc9d00272d

SHA1
d5221b497d2c0d06b7aad0f2c6cfc5e19ef12142

SHA256
7696b3afe545c7cfed703679396f6158c7253787c94c770235470a4fdbb63fdc

SHA512
9f0730b7d9abd329c919b9e083d9bc59e10e595a07c293c7be7959459d76e63e1845f8a9137c7159d5860c85de98b0bf407bd79b0659a687046b972e98cce043

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads