7c0f17be2e32e1bcad970b650071a3f0cc0061b80086def5bb8dd89ba5946428

General

Target

02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
Size

88KB
MD5

02ff5b3aad1eab842a20a6ad6cf9a6f0
SHA1

eeaac7922b058476bea89a87bc0af509423a49e1
SHA256

7c0f17be2e32e1bcad970b650071a3f0cc0061b80086def5bb8dd89ba5946428
SHA512

10e374878c6be4649721e6d64f3c975abebaad294c52f76c7aa1b75acb3d308a10d477e30bda2187ddc041a03eca7c454e5be666123814dd5fe0dd8d90ecb0af
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXausaLsab:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3676) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\bod_r.TTF.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\kcms.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\RegisterInvoke.contact.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\vlc.mo.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\localizedStrings.js.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\MountSuspend.reg.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\Templates\Graph.jtp.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\calendar.css.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2236

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
88KB

MD5
60a94c1293dbfd7fb6be0add67e51fb6

SHA1
371ca3de0adf1ea40061e18a74e23cf6da596a95

SHA256
fa831231e5480aea5fc638c09d45c38a0f6c91c697245591758e27481c9e8dc9

SHA512
37b177222b66588e9a16d9c3e6e2f21d63d90920e4f24cf6a801e9edd7ef3589b6e717ed9bd968ac4d54dbe9d599640e052e75f8bc97a86a4314bf23f576360b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
97KB

MD5
27047421f1de2bec0f3bc204c1fcc5d0

SHA1
560044a1b054337e39b9a00180c47e4adde66e47

SHA256
3bc3ec4310f3452f52fd650624b12aa80de5f55ff646255a4dae679692e1b2fe

SHA512
e3dae84f3fcae716bae11cb1ed27d28436eb7f598c86f4e9a4d3bf1c27777f891fa9f3e36fb5ca73b55fd653301d255f58bd955476d805d29b0efd0dbd8caf25

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads