839e4a1dd98ca0aa421e0799ac242510c054020626f0bdcfe8315e0e72bbf597

General

Target

e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
Size

82KB
MD5

e04a549ded9de48e38ebc05dbb1d8750
SHA1

2b18f66d1eb82edcc08a9f5940ddf4866bc2d86c
SHA256

839e4a1dd98ca0aa421e0799ac242510c054020626f0bdcfe8315e0e72bbf597
SHA512

5ab57476ebe2e5eb86aa2b5622035325a3f6f344642fc194738562cde446dd30a1d9e80a1139c3df7328ff14d1409d03200d8ada392f042fba920d6e7d1b8c1a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2vlXE:6e7WpMaxeb0CYJ97lEYNR73e+eKZ2XE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3653) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\de-DE\WinMail.exe.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\settings.js.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\slideShow.html.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\wlsrvc.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JP2KLib.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\charsets.jar.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\settings.html.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1952

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp
Filesize
82KB

MD5
a61305a75bf48fc66ba779d33f971b45

SHA1
b39c155770a741b743eda7f1d2fc233c0430c6a7

SHA256
a98190e58441d6332b2942ebd64714ddad354f5f3397e2e72b08cd8cde9bc2fd

SHA512
360785b724d17953adb275afdb80e510351ef224f47031bdd16af01f1ed8b45a55e84be5e0026baa4862a143cf982a8c7d84dc7051c8501ec48119cdc8422589

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
91KB

MD5
448db9e537be475d1636008de6c0eb11

SHA1
63fbd77dd765f304e85d2f17d8f6aaef2d9cce3e

SHA256
79fe9f5cebd6e70c1cd5f14b54371c9b71557c021df36ad7b92b458821a95c65

SHA512
fc7a561c0cdac25e38e8776ef5a699d1d92b590f1b55b582006286c99afce11b1ad9d7d48e0e93c0d57f9b22546d08e0cac240328211bc2963b8c305cad631fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads