d8ab70b21dc195150f7ed4ca60fc4cd4c1a9521f958d2fe702a95eb2d6626a32

General

Target

9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
Size

81KB
MD5

9be456f072d2435c1033d64440c790f0
SHA1

46a3e34c09e114285d7304cb5687e148335fda12
SHA256

d8ab70b21dc195150f7ed4ca60fc4cd4c1a9521f958d2fe702a95eb2d6626a32
SHA512

6a49e4a43539a6d81a71f1e9b7077d4f4750773b0c23d6cba39cfac49c8d674d87b97ec26a94267d016037e2ff3423e7af1dedb7993cae3339f072171b38c00e
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJd:W7Z9pApQESOHepOHe8G+6E65TGA3v1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\ShvlRes.dll.mui.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMCCore.dll.mui.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\currency.css.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\gadget.xml.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\weather.js.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\NewAssert.M2T.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\MSPVWCTL.DLL.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_2.jtp.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9be456f072d2435c1033d64440c790f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
81KB

MD5
40fe8d50e21b8662bb83b658fe95e9e2

SHA1
3eb3c990baac1e98e6f4f7bf2f640789f61dc8b8

SHA256
e94945d444715fbe74d362d2d093645d889b3a93adf94eb3e3960227dba2079e

SHA512
953090d35f06b28265842ad3e787b3afd0a8f45f0b8f4a3267233934e70108f563d6fd5239f279ed3d2e46287cddd0cac8989f1923424e127d6b29ec6e93ebff

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
ba76629b6dbf87a25d679765d8384f10

SHA1
d4d8f63744297f3fe376ccb6f494127361013b41

SHA256
808cd5f14862c6838b3d50a2d67042d5eea453a326d0e1aeb9927963f9002776

SHA512
260c3ca0e8b1bdf7293aec7b34077d351ab18c6ae1a65eac90ab839cf16fdb0f0611c3cd60acdf081e99d27bdc36afd9c74460f7a9b2b7e152c32af996c6268f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads