1c4d2eefd9e1a550cf5fb1fc5608fae4842bf8df580b1b328ccf5f9ad054c4dd

General

Target

18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
Size

85KB
MD5

18b54ef2d38949827b32b5bb55df0910
SHA1

59e75b8d871f54948f50f9391c2334e97d474068
SHA256

1c4d2eefd9e1a550cf5fb1fc5608fae4842bf8df580b1b328ccf5f9ad054c4dd
SHA512

62b3ba2aab5e3179cecd385e66062fb50674ce5891a4c15d40057232b8b75ade15f5eff3ecc051a8f33f8613c3eb5bbeab7a62998f05e33853e80bb9057594e3
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXau:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3451) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\timeZones.js.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\settings.js.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\PDIALOG.exe.mui.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmplayer.exe.mui.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\JNWDRV.dll.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\18b54ef2d38949827b32b5bb55df0910_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
85KB

MD5
dff2ae30cfad2468670de267f7e50924

SHA1
688d4f5bd104acec267435a985287663ebacc0bc

SHA256
3da88c2f3a929028e7aefef3d98d0cf0b9f87abbf4f7ff5b69c3ea48314e2923

SHA512
4e19eca4c751723fb8d02763bf3bc6671aab2d5c5aa121bc425d2449ea51aae9c40fa55ef0a399a224b0bc082934deae1a812bf69a01f26ac9e7ef14dea8e51d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
58b0a352ce73863aeb0d9b1fd452d470

SHA1
f3cbde9da06fcfb49a592f0b0fb2dc269c8bcbec

SHA256
885e0285c614f8492493493d50667987e40f56686c09019db1771e542e4ae12c

SHA512
11db41dc1a5b52be2397cc7af80c80c1d4563893166e357eed36ce28c0328c1479373da24307e02ae84fa80a78fe445e8fa81167634ffd4b3d210034962cc557

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads