2d850194a6e3945d7f42ccfaeb2adee2a051d5ab551ff267c82a088d3cded244

General

Target

75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
Size

85KB
MD5

75c2d1b0ad42f39b1fafc3c077d39d70
SHA1

bf0fa0a56109e6e07e1ea431364b7e260f45ad26
SHA256

2d850194a6e3945d7f42ccfaeb2adee2a051d5ab551ff267c82a088d3cded244
SHA512

2c2153075de2a606d88157f81ed5bedf2e70ffd894087bbb95642378baede97f63cd54db02cb4b70c6bb93f33725190b30f04ce0479d3901244f88e41e1d7678
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK6Vu:69WpQE0zk

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3508) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pe.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdav1d_plugin.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\release.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpCommu.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\library.js.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2932

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
85KB

MD5
47c0871f307f431bc4423775b35494e6

SHA1
7c6595cb27b96a3e4fd3339f4fa6d9ba1c5e0878

SHA256
1a116cf730ef44a778d97748b55a7cf179cb367855aa80a1091318e77012e561

SHA512
1533107b92412adadaac0fa14242aeb2980a47d03ca3c0baf23df204fa3e1bf0cc71108d33ffc0380a22a683b3feae1664cc683c6185d4e8edb9c91f20971961

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
94KB

MD5
6a08b9a07b4658cc7291463d47eda4e7

SHA1
d7913ee0956fcf79201e43c049b6d6abae5f1b1f

SHA256
009ecd875ac66a917ed11082964a7ea895769e02dedfc09a37e358ae48cba984

SHA512
725e012b5996fb2f3f93ba600a13f7c9052ceb065fdd482dc137a7d0fa10828dc263a7a6f80f345b1c51a9c7fc7c1fcb90691a811f259f489fdaec59803ee9fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads