0489ec0e9e7eea188ad51a32503cf5942dbf5bc3cd8e5c23c79e395644a80613

General

Target

6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
Size

87KB
MD5

6b17331186a5cc3e08288eddb5b32e10
SHA1

27579e13ef1682a0ee8a0d48bda017132044276e
SHA256

0489ec0e9e7eea188ad51a32503cf5942dbf5bc3cd8e5c23c79e395644a80613
SHA512

4cd2f87f5de14f10dbed0b89568e38626119715ce8c49afd1489cf383601b3c7f3ce282fef1cec0ecb3f26b1864ed7c80f3c38e68380ae393dc7c2790195eb7d
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2v4FL:6e7WpMaxeb0CYJ97lEYNR73e+eKZ9FL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\settings.html.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssui.dll.mui.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\InstallStart.001.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseover.png.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\settings.css.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b17331186a5cc3e08288eddb5b32e10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2012

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
87KB

MD5
44ddfcba4d8ed0c6606a32d53d12426e

SHA1
5df239e4c59dad84870d9bff157a4a1305a587d9

SHA256
e73e3c48f27d336bdea0436b5823277c447308d13d1e10f701f60ac5b94722bd

SHA512
236034dfdf01dbef2cf25fb0e45b792bcecd01db31e284fef3d7491ef9a0c0d1167c8db7dd043a7018a985ab66e7ecac40836193cadb12d79ff365ca695a1c6c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
96KB

MD5
0c4ba3c4219c589a4b0dbb71c380520e

SHA1
9c439e788bc23904fbaf84d25a16eccc490480ae

SHA256
4fb78ec5f6432a790fc8e0e6ae9ff23801024a9cfc33bf4fa041601c4f488a6b

SHA512
52343f29cdfc66e15124a9baa062c7b67615f5d2a00d8c15bb74bce33613106db6fbe0c98108858f1c98ef97e20b6f0e80707929321ed5e9ccbbddf4e2d46d94

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads