b61a13d665c7b726649c2b851161bdcb7c0983c37959f7e6c09445bbaaf1977e

General

Target

2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
Size

80KB
MD5

2e0404d290ccb98c6c001adc52eba690
SHA1

0b91300d46b327b7e3b07f767f14a87f07c9833e
SHA256

b61a13d665c7b726649c2b851161bdcb7c0983c37959f7e6c09445bbaaf1977e
SHA512

9e2fdd25da66537b692a0a92a32737250fd9e6f60f9013c24dbdc8ed837fc860069b36054288e7415ccb30e283a8bfff0f9f41f9369a095c66930eaf7f166db5
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReS:W7ZDpApYbWj2WTWJe+e/qXjBJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3709) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\picturePuzzle.js.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\ja-JP\Sidebar.exe.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\en-US\msoeres.dll.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\localizedStrings.js.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1796

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
80KB

MD5
e468ed7062318c90d61b397891c31c88

SHA1
c45698db9d3c268b89f85a6d6a1c9d1571077bf3

SHA256
b23d2785aea0d566f95cb1cec757e9ef8283b6b1fd0e565bce68c77ac8ec085c

SHA512
afde8abca9acc8e8b69b4b54e15ab35823ba37182dce5f2a90dda3f28d7d32c337f70688c1ac7b94ff22bba2b8ee28c80c52a66b999feb051b73662cce2ca323

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
89KB

MD5
891451439c280b7617d021fde5c45906

SHA1
6e07cabdf2193551b7ee4a8c81c8da1ad7682c8c

SHA256
2fe8b71b5ac706500cda484a3ea8aabd571b947541e7c0189165179a0a91838e

SHA512
7aa1361145a39ca4d1c309f4c7f721930520ced90430dd78187a6e097e0dd5040d60685a3bd0a1c654c6e71cb19363d4db38ab34b83562c7eb1237d5d8b65887

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads