ab5411eb02e84646552e10875706abf50a71d05a6448504b14351147bf9c00da

General

Target

07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
Size

81KB
MD5

07d73ade071bd49840309e628be70fe0
SHA1

bfe1aee0d17b593bfcf157289ad2aa9e57910df5
SHA256

ab5411eb02e84646552e10875706abf50a71d05a6448504b14351147bf9c00da
SHA512

6983f8487d8a92fceb1358c5d24212901183afeac437b49d30bd60208c38abd628cd3fca94051b3502aa928779fe506ee085c7aff9b0b2b59dabf125190b27c3
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lDW:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3615) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\gadget.xml.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\07d73ade071bd49840309e628be70fe0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1640

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
Filesize
82KB

MD5
7ae4fb6ba55edf1f81ca7d7f38cdf01a

SHA1
d8b1aff75dcd57e38982b0538a635245194b27e4

SHA256
c67f85c9bb894faeb06c23c3438ac158a1482c056ad49c618ff8756061f3456d

SHA512
45332389c302af7e7b651c83a8095701c2d215a10fb5810d49695fa3da0db56ac0eca4b86c066265cf5b25366ba01e0e4f748f1f641e8b6d8ea75c50897ec67e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
90KB

MD5
33594d094fae4cb87d3792a786904feb

SHA1
9b9af8e91d28a85dd9fa857ba0dad55ab76b2761

SHA256
c21f16bc08292a121c18b8c4d4d18a49efbe77e1736bf2cef1f9047d7805fdff

SHA512
061270b0b28f04664e10e4d8638baa8d4716ef3d9dd4d47739da3545c34c67cd3ffba8810eb48b5e941126dbfd4c37d6a57eafbef76be51a60c6aa282ceb761b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads