619eb946828ca3d64c7be1ab377584408df31f849682cbadd6c3cf64538d616d

General

Target

19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
Size

75KB
MD5

19ad62c9ebe7c69bc6104e09f088a4a0
SHA1

53d5367d7322533d18330fc9e195c0ac82aec55f
SHA256

619eb946828ca3d64c7be1ab377584408df31f849682cbadd6c3cf64538d616d
SHA512

08d5c66d8d0760534be35fe0c4e1fdeb1ed542523357b426ecfaff9d7e62f5b896fe9dba3fc559d2b8f68cadfc2cb4e8ca971452588c23c35febf83c4e50064e
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhF:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3466) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\slideShow.css.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.tmp	19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\19ad62c9ebe7c69bc6104e09f088a4a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
75KB

MD5
a5b9a3990473abde048a02e10368d41d

SHA1
d7f0160a9a3103dc030cb15fd53f3f85cdba7a9d

SHA256
97711da1ba0b8017a47e73d827d657dc1f95860462ca47c11316c5076705f1ac

SHA512
3f45e5c0a3892820065ea06bda743c2c4102986fb51fb80916ab59311a9f29bb8b0cdf3ab6ed432d5a3d78e96cd86052bc3b3b9080ea844e1c21d459f619cc20

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
84KB

MD5
dc16f749f9c081ba79cbc4c671ac5a80

SHA1
13edfe63947f37d3b091a14238a85b8eb3aaa25c

SHA256
ba3dcdb06b585e0d2cb4e2d7816a3d5b37f8aad735fbdb95c4ccce8248d08c37

SHA512
e40b4af85178b1cb0c2b418cbac37b9a3ea605187b1ac4ca9a29b123289f95168d2068a8d2511418e2d088dad47690f85a88d2b760d0a1b1d7b1e6f42358d61e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads