46266841b83e4647cc759171b0eb9457c2ee0090dff4a2e6eda09a66c051eae1

General

Target

4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
Size

44KB
MD5

4380e094c3aa3dcd002e0ca70eda6300
SHA1

25aafd4d9126962fe739425f3c16fd234bf299b6
SHA256

46266841b83e4647cc759171b0eb9457c2ee0090dff4a2e6eda09a66c051eae1
SHA512

ac0e1c8bc8df12d4dff301ac0686580c8e8f95aa31e47cb0dc75ec74bbec1ebdcb7a7390e938608405776e95cf3d3882405cee77b310f00036bfc873edfb5537
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGDr+8/8P:W7ZNLpApCZrt8PWGoPWGDr+8/8P

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3521) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\security\trusted.libraries.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMC.exe.mui.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\RSSFeeds.js.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_asf_plugin.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\settings.css.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
45KB

MD5
b1883b6873b6344e1db147e2637c6020

SHA1
eb73fb6c6cb329aa7d31e6d5f1917b68ccdfb7a3

SHA256
deaccfd0c62be80bba844b59a0654d9eb4a641917badc7fbdee706b534d162b5

SHA512
8b34fa44c6605bf2dc0d0bc7c38156ee3194003acd0645264387705332829baef84886ff0741a2b96d0a24c6521dd1e2212f9f672d4e6e1a36be6dab6e883e8e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
6c95920158be72b0153aca0a6e9f8b41

SHA1
b27ca80b1c3210f5a8091103e0b81880706f7ba6

SHA256
a4a5e54805e31d6b20cab78799691b3c40eeaa05e72fe3f027049fca358f3e5d

SHA512
d97ed7ce9bdd7c3f4c49e2282be87760cb5ac6d990dc7a44f6ab8237acca9e043afca482dd2f4b539c58e47d70d7ae9594cbe9fa0189634f2ec7dd18297c3326

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads