8613b97bc4cdb152e75a7e6f1e6260719ddeb02ed086d7b2ab18616caeb962ae

General

Target

868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
Size

87KB
MD5

868d15e0a51034f7b17811fcf95f85c0
SHA1

fd4e7d44deb2a7295303ee96f24cc2c05dbe072e
SHA256

8613b97bc4cdb152e75a7e6f1e6260719ddeb02ed086d7b2ab18616caeb962ae
SHA512

1aeae0c2353b802be4c58c34c4239f3f039d36ef5d9823ac689d4802b95195526ef2d595610b8b34d98dc178910eb4b117c451270ee0177f10135be50c4c7883
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaP:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3531) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Mail\ja-JP\WinMail.exe.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\settings.js.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\settings.css.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\settings.html.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1632

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
87KB

MD5
169764480d6d08d6040ba9d97b1fed9d

SHA1
42f318c53377a04b4b1eacd6b15a84662dfc4496

SHA256
970b230c90d759996e035aefa6dec5320ac746487179874a56b3d11433686f1c

SHA512
79d4f01712f0396027e2daae60dde360990bd256bbf01c5a5c46d3e627bb886e2e896deab72344d0b237ba9d98e9c2649933de0353e25dd0aed53a05412fcf44

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
96KB

MD5
7bb04c2b7a65a31a7cd416c464c7d466

SHA1
cf8e0df89f55da1a88cf0ad0a6ba2ef0c40824c8

SHA256
b4d9af310fe2231d31207bceddd7ef95d45ed53639f85d21faa663d4a0a9f118

SHA512
68a23a3eda1ec1bf5c7ff5438939e288510fa7a02536d57432f0df4753745a1d94ac35056e86adc9e4a662ba686e630c6a866b95f872f6694e852f66948ad316

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads