a19e231f5cdc133f807598ed4c30bb2a1c815706678631d1ee090f6f33eff647

General

Target

4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
Size

80KB
MD5

4b5c359c82ba377e4524d40344e2a160
SHA1

626629743c1d06c98b0c027c8e0a5fc69de7b9fd
SHA256

a19e231f5cdc133f807598ed4c30bb2a1c815706678631d1ee090f6f33eff647
SHA512

443b5cc85f4d3d57eed52da61c02fe48c61f5ca487b9c5018e0d6893e4f57b573310791f65c51d72f421e0aad63ff8d12f9c1ffa9169dd73be0533452840a985
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/7uH9uHt:6e7WpMaxeb0CYJ97lEYNR73e+eKZ7udU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javafx-font.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\javafx.properties.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.tmp	4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4b5c359c82ba377e4524d40344e2a160_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1276

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp
Filesize
81KB

MD5
f21763ca7fc3dd011a4604c406d5c6c7

SHA1
13dfd036dd74662d7d98b9c02cde1a576a978ff4

SHA256
1f2e1115fcac87e9814b148a774f876dbeca8b7dac08b02e7514cb7761695eb8

SHA512
58d224979907932a0fc4989ac871a23db80bcf7783538263505664cce2470376f11b05b0e86762a2eb419f0429c08b1ab4467a32ece474ccc3b338ae2ce6306a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
89KB

MD5
defb989f9ecf21e8eae99ab09bfa7053

SHA1
a74bd2644542ce65254b71d2f5e9a7bf767f82c2

SHA256
f31996b4d0da1994d7f2b1ca9aff54a5fee25ac565f6c63c18661de9dc352318

SHA512
3ff3a758da585ba75eb45f0618d1d9222ddb60e19c77990e83cca0847726d964ddbac2203c2827fa693c078ee0e402722284b7ef5a651d829463643db297386b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads