c66334c779358da27514e3676d8c717d21890c702ce5999c8ce3e09ec0d1929b

General

Target

3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
Size

85KB
MD5

3c47aa08460ff1d38cfd3f725c990550
SHA1

53cb32492c45751da09be028e302b8b8d3d03401
SHA256

c66334c779358da27514e3676d8c717d21890c702ce5999c8ce3e09ec0d1929b
SHA512

dda79e53bf4d5894dbb7bef2db8ac8170e1fc938d2d55f8e88c60f1403a1cc8e5506ebc2e8b955a9ea44cc84818380e82f64b3ed4458ea1e3de83b970d6e55f8
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKPaL:69WpQE0zaaL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\de-DE\TableTextService.dll.mui.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\settings.css.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\calendar.css.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libbluescreen_plugin.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\js\slideShow.js.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\en-US\Journal.exe.mui.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2260

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp
Filesize
85KB

MD5
a2a50388a4e1604934d50b9f5190643e

SHA1
91e0f8d080b810bdb8e4447def6272dcd1e43956

SHA256
85e351df98eb1e51049f91f28e84ac71d66b6bf2545c68c17fa55a668e027715

SHA512
138e079cacd7183d7eebbe185d7ed4ecf959cf1a43831d0a0a0def433b35a8e6e52af40d6ac1b3e8d0c8468cda19073017f75777c0231d5b360838365f2b58cf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
94KB

MD5
c9e66f47c4fcf18764a2decebd97e0f1

SHA1
198c3143233d867d71e96ea44fd791455230fdb7

SHA256
e31173a39126612d98a56d99ca4843fe9025632ff289bc01d6494cb77a511a0e

SHA512
c6204a6a20c82f18db5ef0b2bfcc965035db3da7739973aabe7611f2fd45e8b3ba58364d10f9e11d0cfc1cd6ccd7c121129bd125c99a856445799d245039f204

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads