79c865d840b3707de8cce72fcfd8f066311a797763695d1b4c1b13301c6896c2

General

Target

1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
Size

83KB
MD5

1b22909c7001be5d88e7a42225b36710
SHA1

2fddadb86c5fc7c1486560c80842934a09536c20
SHA256

79c865d840b3707de8cce72fcfd8f066311a797763695d1b4c1b13301c6896c2
SHA512

7db6a97311081662e30799fef75a4a313485a7688f05eccd68391541bfbcf0b7391160680530f510ea267cc140fc2c6cf2ab6e379ad8ff3ecfccc18cc7894747
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaK:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\gadget.xml.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\RSSFeeds.css.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\fr-FR\WinMail.exe.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libskins2_plugin.dll.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b22909c7001be5d88e7a42225b36710_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
83KB

MD5
fba33070f91fcf69015d89001cc78a18

SHA1
4d25edee21eb9ba9b0a2794119f58b04af028fa6

SHA256
b8db9e55c455a80524b55afee9f13494090efb4a53965636593bedd4434e2591

SHA512
5ac29cdd4ce633e2ddeb7874c8660577916ce9faafee161e1c670c79a0afe6a1efab63f5e0148d28b86cc85677e06d3bd4b928ee8f384388e80fdece48d77a10

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
f02f07ac8a8daa714708441ae27040af

SHA1
5c063ee41da752bd4339b544f562b8ccaa591eab

SHA256
31b7dcdff7ffd5083f290a99eec5dc65d220140d164e03aa39edd5468c0a2e47

SHA512
790af7f5988bed9a87a9f47717e3d2fb284d97d877ef31f7dd1ae920f16d1b1cf060ed1e3fd92dccd273420379b83a0e84f2f643b398ff345e32420606b16bda

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads