0fb4f4859cad0e416ed3d87514fe57a9a791be15344e5542bc09ac4c07ea8e06

General

Target

5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
Size

51KB
MD5

5ea06916f3e36b5438a295abb4dc5370
SHA1

01ddc962681637c8a2cdb17741ea54bbc82f1c8d
SHA256

0fb4f4859cad0e416ed3d87514fe57a9a791be15344e5542bc09ac4c07ea8e06
SHA512

9a135e659e2cdda9b35f62af2b71ca9c3c00b0f1f43a494a85e1194500ad753c76cc802f5e87ff678a28ed8a93144235681f9ff90979a7508d31f038b55804da
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nT:W7ZNLpApCZrt8PWGoPWGANdNT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3737) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\currency.js.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\instrument.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\mip.exe.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\kcms.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2696

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp
Filesize
51KB

MD5
d206188eb9230348a7700ea2ca4d7521

SHA1
31c3e66ebd2521e205fceef84af46c565e9af040

SHA256
5455886f03bd108bdf4999d5d6a3b3c916d5a765256c8a04a9228c963f467314

SHA512
2617b45578273e8f500f958872c51ac8b0a12ef8dc8de133c174f7723d23508bd3fac953f97f339b4cea2d2b6c7ac5df2cb982da92f16c8a76a0070eac73bc21

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
60KB

MD5
4b271179dab8c2c9b9d558a656311a0e

SHA1
7f33b9c3ee7c595c23bcf36f51ea922396548a84

SHA256
dc76c12086132b0a16e53d2cd9e102adb60290bb94005f187058e21d1c3c550b

SHA512
17152a90eb9497833b332bf2e64199dfeb825e0d6535f1275809ee5bb81f0b8fed967540fed31b7b6d28e2ac7f636b39efa5675667ca41413b669cb525a273f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads