4c0af2eaba6c6b9d12751355fbd42b34e2edbe3b3483e91c2969446e41c010b5

General

Target

8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
Size

46KB
MD5

8a72522076a710b8b4ca5e3837a817f0
SHA1

086c6a0448c8fd7480cbac4d10b023c2b805d4a5
SHA256

4c0af2eaba6c6b9d12751355fbd42b34e2edbe3b3483e91c2969446e41c010b5
SHA512

559b48e75db3e712410a638c6a0a7510dcae385076d6d35009beaf93ddc3fcb34d2206b97491be7e092982db3592d262a69536001c2f94c7d47f154c81b771f1
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsO:W7ZNLpApCZrt8PWGoPWGl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3788) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\localizedSettings.css.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\JoinRemove.zip.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\vlc.mo.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\blank.jtp.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\gadget.xml.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\JNTFiltr.dll.mui.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1848

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
46KB

MD5
ceb924a92eeb83d21443aa2acb2881d6

SHA1
4d1521c8dc6407ce4ab2a3df7ba4bef46d83e2d9

SHA256
b490c91ef5f9a5c5ca65c051b96e5aa95ece3fecfc64914beef4917b67a377da

SHA512
6a81c129cb67ea5cd7418fb9af110c231ba707dbabcd5b8f0f18e7e6f9157629a46328c1fdaafc237661c3bee7154a68fbbc962babbfd0ce9e987e96c5b48174

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
55KB

MD5
0227f70fe979b658918da76e56de0e1b

SHA1
896782504393155cd6f96138fb2b5da23cd3b921

SHA256
6c0acbfd062035efc55387c9c4838c29ba91ab7c566b88cd89b5e158cc29cbd5

SHA512
58227f7d3f7c47c6067829651317e49f2bd1baa7e2795f0483f14e27c4b4da504327166a2228a16542dfd78c0d85aeea0972678947401e3c837a925f5fb9b14d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads