4c75e2fb73dc4dbf6f92a10a6a39225b52060bfd1c5e12ec408787e0c6544d4d

General

Target

2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
Size

85KB
MD5

2902ccfa5f9b036c2c8ccc6a639cb0d0
SHA1

165776c869d9f1b05cdda6047fb4131ff9258f63
SHA256

4c75e2fb73dc4dbf6f92a10a6a39225b52060bfd1c5e12ec408787e0c6544d4d
SHA512

589741b3b5c980c9f843125e73ce43ada91bbf56fcb51a5b674d067299e0a8145c970268dec7842b2a910411f9388b1a371f5d6363f349629f4a7158dd878011
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Wy+JAJF:6e7WpMaxeb0CYJ97lEYNR73e+eKZV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\InitializeCompress.jpeg.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Windows.Presentation.resources.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2280

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp
Filesize
86KB

MD5
541817230c5ed31a35cb07096d467c19

SHA1
549d1b855d2c3a2627f980b2d8f4f9443e80833a

SHA256
0f811751a96a58917524f209c1f8cc32f088cefc74aa6f1b8e54661c017114eb

SHA512
a6da18b526939caa9ef1ffe1d760528540ef8de068a84fd5b7eac13a67ea42a2fbe44a16c8e8e6485a40204a659f7a3ea6fc572d16935e1a39fff841bbe6d476

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
95KB

MD5
a416c40569af7a78fbb950b7a33f2280

SHA1
6d32a7aa0bb287cb169b05b43fc6b98cdceef24d

SHA256
22facd1bb4d04a84866987343703a68d49ee9c73ed8aec9a13fd832acea45b25

SHA512
c8532f587453b46e6945e63115feeb6b3b9fbe26cc5c065aa7642fabe73122a2d319b02fb1e5d549fdc3810148ff788835fa7cc16138f2c1f7507ee7a6f70316

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads