1e2d93e6fffb9528a5df2c544e63014fb5cffcf6569b50c2238d869cce2cd30e

General

Target

7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
Size

76KB
MD5

7e353ac8585b3fb4109aee655fa0a930
SHA1

137b499a101ea925ad6ba77b44ac1441cfbb2492
SHA256

1e2d93e6fffb9528a5df2c544e63014fb5cffcf6569b50c2238d869cce2cd30e
SHA512

21c6f62781ee98366d61a1b0e66571726a1562737b9122756069c185111b3adc3c5d5b0879bdd30c9f4208404eb4bca067a73a8276892a9086c3783178daccb8
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhK:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3608) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\slideShow.js.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1824

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
Filesize
76KB

MD5
3f9454eeb891e38f9421ec4955a9ce80

SHA1
e3af64f5a6bcb68e5438568e352dfb9700837416

SHA256
0037c7258da1cbefddc09c4aa750191355506e7b80d09554dd80cc35536f411c

SHA512
6e2d9d6d86585a99e5150cc53ba66962caf2becc2de01248bf113e29fdf62384fa6aec1ab484dfba4f729eb89409ab3235cb168f3b80a33674dacc722839e6ca

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
85KB

MD5
bdd399b9afb26067eef0019121a482df

SHA1
d731ae5f8497680bd909771607774122abf7043b

SHA256
b937b51c223778b60dc1ea0494228b2118dca43161d35e03434eef5a91e006e6

SHA512
6d36f8e6c03516934761cac87dda40357f828f9b73f4c66cd7deee1fd3d77a50f770173873bd6a4f07e2886d9661c01f07253321629e8f615ef5847982842ade

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads