17b4816a199f3b8e791154019c57ee6ded9379132746f151168434980db86d92

General

Target

9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
Size

83KB
MD5

9fe365cfc2f9a35147d1e669a5b78e90
SHA1

01fc6461d862ea9891c7f0ff854845c40ca4ff8f
SHA256

17b4816a199f3b8e791154019c57ee6ded9379132746f151168434980db86d92
SHA512

051b18845620fda675c33d94306fc1fa64632be2fecad495748967eadb788656375d3961b812de96b108c640454caa78de9b838db16524ac38cf665c64f87ff5
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRe6:W7ZDpApYbWj2WTWJe+e/qXRMkPMkR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3463) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\GroupRequest.vsx.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\NewJoin.eps.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\Sidebar.exe.mui.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\picturePuzzle.js.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\flyout.css.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\README.txt.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2868

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp
Filesize
83KB

MD5
8d4cd596588e4e8a044fb170c68f24b7

SHA1
1e31830287269db9baaf8defceee41ff9e15e407

SHA256
911e007d5a11a11fcaff11dca1d528ee9e8954fcbfc770386abe3638455e5dac

SHA512
94e8065e456beed10ccf1c841f134c81ad8a4b32e64a147a17fcbbd3f3d30e89286dea448d96d5d0a200e976324f443ba3d9784685d62dbacb2685a86fa81108

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
92KB

MD5
3518f4e45ef19da25477a125278c85c2

SHA1
123b444443b9847964b298af61e6e17972be256b

SHA256
ea6ffebaa598aa6ff7ee1291b6993c574c96edbedc3797dc48fea331c7cf2c62

SHA512
2858b6a79987b9a57c7e7bdc8dbb4a345d209ae6f11ff8e9882b7adc1dfe55849efa295011e8355303310ffc84f6bf4f5def2a9f7cd8c73bd2ea520c340c28c6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads