0c8b21f8e979b05fc4e1995907b9052ededfa4c9ea9bb30468be7cebf5e60306

General

Target

2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
Size

44KB
MD5

2256b7c192a4f42202d55805f4035d40
SHA1

a74109ee5c67b74c3be33184f6d20d2de49ffbb4
SHA256

0c8b21f8e979b05fc4e1995907b9052ededfa4c9ea9bb30468be7cebf5e60306
SHA512

2493554229f3c79dd92fd086e1978be126aaaeac74e12a9dddb4081b50a952406b11562c4d25dec13c27140f8a5c69093f90cadb8621d44f0659ff38248d0dbf
SSDEEP

768:/7BlpQpARFbh/o+fOiJbfo+fOiJb4JDYJIJbVT75T7T:/7ZQpApVZM+etVT75T7T

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3722) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\weather.js.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\EPSIMP32.FLT.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\fr-FR\WinMail.exe.mui.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsvorepository_plugin.dll.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
File created	C:\Program Files\DenyStop.dwfx.tmp	2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2256b7c192a4f42202d55805f4035d40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2300

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
Filesize
44KB

MD5
45e6776e9ecc2d1a382bc4883e59a69c

SHA1
5083c191254d6a3f074689066d94e53036d35ca0

SHA256
73d36ba91e5048cb82d254113145fb8548cf1b7cfecd14995557a7f53ede2c62

SHA512
d12f4864a18b92f6e5f03d4d698edb01d1229e9cbce024820bed2ef20fb03d945abe8324d535f87e2959269d724278ae757bd6396a77ab1226ed2044a0a391f0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
53KB

MD5
05f534356253c53894fae52574c7997b

SHA1
570abe4130da6dc7eecb70c2259d47b13a1332d0

SHA256
09132a7e2670bf243a45c3195ca2166d30c4a89170322f3cb8fec8b79e25a665

SHA512
53bbdff162b88ef35a9206d3f18553e1f2e66af51f3d33b92ee9b13f2a6bece24e139fca485daab224b50567484fce0c49a1ac7b271bccf25b1a77abcbd8fa68

Download Submit
memory/2300-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2300-652-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads