84668345ff68e5956d1ef3bd3768bb2d2b5cf6aa0a4dc7e04396f0fd33991a78

General

Target

821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
Size

78KB
MD5

821683e6de515d5369a8915f4720a880
SHA1

372626bb698ede9da39e95a4ef27aa83f37e6f7d
SHA256

84668345ff68e5956d1ef3bd3768bb2d2b5cf6aa0a4dc7e04396f0fd33991a78
SHA512

c8211d9db9f614e147f2bd74452bd17185478707a304f8caee1e5c25459670289bf094ab1764881ac52eb9194c69a75eba09a134122f32f462ba45c58c9418c7
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRe/:W7ZDpApYbWj2WTWJe+e/qXS

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3561) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\settings.css.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\localizedSettings.css.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\de-DE\PDIALOG.exe.mui.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\ja-JP\NBMapTIP.dll.mui.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\2d.x3d.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\MpCommu.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\slideShow.js.tmp	821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\821683e6de515d5369a8915f4720a880_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
79KB

MD5
f1070ea491016259dc02b6aeedce9093

SHA1
fa9c877f15b99edc6f825e16934cdeb93f2ca3a5

SHA256
ecdfbc25684aeb66c9d88f157c538959a57116195aaa8356e64f2be681128674

SHA512
99bfcccaaa4534e0632f30335e45656e10aea2e30c6c74f9d4f3a6322fbd56fa8303e31d4e2b79a04f4eba06fa390032fb45fd9b18a4a28d2a4f1ef4ac9d1da9

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
88KB

MD5
a510b026bfd220dd786ca13d50ad3328

SHA1
56367e4f1361b2c55d730bc3daf969f659cd6a58

SHA256
fe5965a32ac2e4052105c33a07ea5cd9609e272705228f165f57e10b449758c5

SHA512
58d784c48ab8e7b5961b1729f2eba38b8603a3e7c54d42a45193bf9bdaa6d366975ce1030a0172981b84067357778a4e26531b133ac6fa837d0a6a540dc1f842

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads