a8dbfd6731e50375bd05ecc3b2459865bf4487592907d459c616757640345b85

General

Target

36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
Size

83KB
MD5

36050fb6c8440bbb68171a4c6b1f35f0
SHA1

c0a08e56b5b7a4ab83cf1ab56bc0fa37e9f18f35
SHA256

a8dbfd6731e50375bd05ecc3b2459865bf4487592907d459c616757640345b85
SHA512

abad6b2e01aa99ee4094a9a189e4a6304627a56584b108fd0836a03810d49c693058bce46c9b2b3567869a5f617f4cb690352be061280f251e1ede3691e7de0b
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+efZwZavl0J0q:6DWpwE7oL2e+efZwZGCf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3474) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPSideShowGadget.exe.mui.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp	36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\36050fb6c8440bbb68171a4c6b1f35f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1904

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
83KB

MD5
00398ec5c614d7a78154aa93eb83b13b

SHA1
0a2194be7a9c4ed870e5609a4091eadc637d352c

SHA256
885b95c4f77101f99d31d3613f8b14fee1ca7c6f15efb39ff9efcdf45ed42840

SHA512
de5e7af2f8644b952f0376d3ed6cb0784ef1e4a75ab15ef5ac956635d95cf207e40576a0547be1e4ba44b471d68bf4d221e0a312754dd260a22b94c82cf726d4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
92KB

MD5
c97f3303b469e742f229ef322b99ff3b

SHA1
8a0b37ff144f4bade4abc1192e2277078b5f4bd2

SHA256
199d018800a8668625c8e4846df5af95badca9fb7120a79fe601469e455d6ec1

SHA512
6b87601609ac7162f79012a445ff7258060cb2c0771d6f47e481e3c04fdeb9bf08208b1f09a7d41ba5f481251f5cfa443d64a08d92d1e5439fc4b26da45998fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads