6598a477b669d1ef50fc704f53d23b2018c9f7d657c3959955917310eac26623

General

Target

6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
Size

124KB
MD5

6c995e15441d58bd4a0164ea0efe64a0
SHA1

eee5c108e4ec80cd481efe9e16f4d90cb03580ab
SHA256

6598a477b669d1ef50fc704f53d23b2018c9f7d657c3959955917310eac26623
SHA512

1c9a6940342544ea5cc69c7eda39fe1ebe086d67be771c6f8501a808b20ac9ce6aab7fb6d3cecc882d3a48291f8ce0a95d4ca1f812d52a8b78329973dd38a451
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1jr:6QWpkzlfFpsJOfFpsJ+n6j/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\NBMapTIP.dll.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\CompareResume.AAC.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\timeZones.js.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1924

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
124KB

MD5
d8f700c48d1c8f61f094c0a5400eaa7d

SHA1
02ea109ef334b42b2c2f786f1708f9678457cbc2

SHA256
e8ce3e41648153018b412276aa32c46fdf0bd1d01c6442517fdf44d5cf057f15

SHA512
21d65ed2f0a5ae3df944b61bdf5bf3f7a6af679fc2afdbd596f2e707edb5c13eb5ab404f709dd3b89e052b0a6a7e8fc8cfb3dfd545c9e958c59999ee76cafdd2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
133KB

MD5
35c659626d181ff5d364dacd9c6b4e78

SHA1
68bf680908cc0465621e1a9f7653c1b1ecc6c791

SHA256
1602a446d9364bf9d1a2b23f283554ea603c84d3c2618873da86ee0bffd46105

SHA512
5b4dfba7f0a95be8bf1c5a6b9f1a19c1da80fe75c7ff29191e591cd909df87a90ef339078dd3289c29bd0810163266ab056d9392ef07d60afa06865ed8bcb394

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads