e2c790b79b9352d62bcf04969bf28becf1e97e33510eb48c3631d2b7258656a8

General

Target

5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
Size

83KB
MD5

5a27cbbb03918761175276dd482de470
SHA1

cad1dae1e7fe494f2b6ea3da9c92d768fb8ed200
SHA256

e2c790b79b9352d62bcf04969bf28becf1e97e33510eb48c3631d2b7258656a8
SHA512

04e47d48f4e6933ca38745847bb31e3fe2de6e657fd8e3d131d6bdf690a07e4421f49ae7aae8b6167caeb968845a35a23154c19486a86e956ab4d1a952855267
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXad:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VX8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.catalog.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
83KB

MD5
68f4156c461eabe1e79a300fd5147e10

SHA1
62f4a5a6f89575d958c994e095ef1aa9e38e8929

SHA256
a9a8098fc46cd3165511878efd75b70c451d14bb87c266375a7f37a8a16c5afe

SHA512
f533c1d117b0fc2c83eaad151776bd5c820c1e175bfa90a15c5f3b1e4a5a675837f69757cc89515f0fbb0ad9ba14f60898c349ed1d660a540398914ef0599e25

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
986fa890dae1e8c1ddd7cb12a4dfeb80

SHA1
26307e24bb0277733050dd17fd2f4b8527933e4a

SHA256
8ba5f755f6c796761338e8ee67a3cdd76c437133b13c171b1589c2b13c47e9bc

SHA512
0b04722760a9abe0b14d64b582c240142f6de5deba2e725f838fe2868eed67ac3c0272728eb44e9599648082f82c869402bc7c588fe2c584418c8f84d2c66d6d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads