58ebab927d342978e67cf1c86385f280a4a6366300658d8434cbfce0f77ceba9

General

Target

0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
Size

52KB
MD5

0a6880aa002fdd4771fe569bb290cab0
SHA1

46c98803bc8ccaefea915bffb9c5303733b1a757
SHA256

58ebab927d342978e67cf1c86385f280a4a6366300658d8434cbfce0f77ceba9
SHA512

1f230439efaad4b70866e079072e6217e9df11e32bf3b36c3bd4772de616439608459ee9d07bef2953298e3849587d4a2dac09045e3efb2985c8ce94ada2e5a0
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nU:W7ZNLpApCZrt8PWGoPWGANdNU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3730) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoAcq.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\js\calendar.js.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\PushResume.zip.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\settings.css.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\de-DE\msoeres.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2308

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp
Filesize
52KB

MD5
5b9d0daf1c910377999a2234776295ca

SHA1
c105582192e89a906d20de2b336b30353a9d9f62

SHA256
3e71432d74735291ec08beeaf6b1d95d3c4298e040dae5245d8cc5702e603303

SHA512
c2b76365791be4b4fb9622db122e334bff73cc775fa5341c6d28e1495888db7206274cf492817007d9ea0d640ef74e425060f3cd22429fb6827f86a01dc872a9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
61KB

MD5
200ee50d020032702cc64d20039f1eb6

SHA1
34e78073b3f289e85884a310a8aec404016b6cd3

SHA256
c39bddc1beffcc338f7e7719ed7fdb6d3d5f3db53b1ecabefd3a7f5076bcac87

SHA512
26aff1da7ae82a25d64bd6f6761bd78ea6384de6c62f37f60e0bdd62d3e8012af9cb6f1955573a9e70338911ce6ad2e603a9387a2380f02ac467579f0efaae5b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads