099782bb166041f0493f82dac398081b08bcd9e627f0f9dd3e66a02ab14f3935

General

Target

47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
Size

94KB
MD5

47b949ff1f3d152ba8a7152fcd2dad20
SHA1

b11737bf873eb31a65881617d00658ea7d20f492
SHA256

099782bb166041f0493f82dac398081b08bcd9e627f0f9dd3e66a02ab14f3935
SHA512

b494dbbf05ff8efdee3217dca5fc487470c102b280c91262ee135b774320c98dba5a7989a6aac95294dc179195571a8660c051b713e2b72eeb079567d3599e14
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNe0A0n:6rWpcOPxPke+e3fFpsJOfFpsJbgEU0Ao

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3521) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\gadget.xml.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\calendar.js.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoViewer.dll.mui.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\ReceiveApprove.mp3.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\cpu.js.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\sbdrop.dll.mui.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\47b949ff1f3d152ba8a7152fcd2dad20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:620

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
94KB

MD5
2dfda8b027faab401ccefda5c2f512e7

SHA1
95672f2a196c4b2c4601511c52fb1b59bf902a37

SHA256
b5eda339a1778db2379b7cbf4a1dd69f6969adc0060a06cfcb12fbc95918ea18

SHA512
1f9ebaac33b04d426ed9a0f22926b6c349ea8c29a6aa51ea9f49096c474b0b102509ca116876ae754c410357008c0ad373d952964b48b72481e7fb0b314e4bc3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
103KB

MD5
42265c3cb8a90fd608114c5261b4aa98

SHA1
1aec030bd8fb04700e69993e35db5d7375c94cdb

SHA256
9008fe5204e40cd81d391e472ae23a92ae0704e041e169f4650ae8f5949c8d1b

SHA512
5c6bb0f2fe061c83947aa586586f80ed48e6c386d72d7222005ce54cb2385b387a829c693496d1e16ce7e98156ac84a67e0bca3afa33ad8910bbd1dc8fd0353b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads