1915f46548038209d65b4343a7d2ac3b67e4d2c0ad3932af04c3089993c6f6a6

General

Target

c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
Size

81KB
MD5

c43fd08bef7b4437059a7804ab0519f0
SHA1

636e715404668c7428b07ad24f8f5936986e2763
SHA256

1915f46548038209d65b4343a7d2ac3b67e4d2c0ad3932af04c3089993c6f6a6
SHA512

48f53e6b82e500831dd1a6a81f3864a5b03a35ca01d7d15d59aab589eaf1f10273835d33fec8575fce290cf7addc2d3e7cd83f0c9f7f109548839a5089a3c639
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/w:6e7WpMaxeb0CYJ97lEYNR73e+eKZw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3451) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\de-DE\msoeres.dll.mui.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c43fd08bef7b4437059a7804ab0519f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
81KB

MD5
ec895ccba96f2b5a19ebbe3495ea8e69

SHA1
27ba7825c222e8fb9d4104784fda6323be2b1431

SHA256
802f1d4ceb99d7abb3666ea1c4ce63133b0efb28bac79b8d0dd5e809eed6748b

SHA512
215366f398eac54649c531b0dc5af35fecbe5deca2f79928b54cf91ddf97d0a330a87617e971789e6ddb302395d33675772aac47d565ec3d80e823416cb775fe

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
cd918db48e4d17c1322228e4e4d160ec

SHA1
099919a1d2fbbcc843b7e75731477f1a02d2b8fa

SHA256
d25093355184c490d2ae00bf78e0b2c17d334b94ce9b96f7a2346adeb7a2e70a

SHA512
c080e0f2171388e7390d4b483cbcb521acbf5ae10f57e94b228a5af09c1093e4695226c34f24ecc43c980e2daaa21b829c3d700ac89c7b3523c3b0e38ceb71fb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads