501d6dc5cdf65330b9f49dd3fedfc640c3e18f96ce64f87e2a521ab87726cbba

General

Target

92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
Size

46KB
MD5

92615d2c23cf56d5662225c5ad6af890
SHA1

c9001a45abfe942a06d2bcac547db8477fb12b86
SHA256

501d6dc5cdf65330b9f49dd3fedfc640c3e18f96ce64f87e2a521ab87726cbba
SHA512

10aeaa9d90fc9c815c8addd9e314ce70b4eecfeabb85317503476270524b1579b20d3242a95c817920d665021bc965f9b3e26a11e29633f276feb2738fe01e23
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNmG:W7BlpppARFbhWJQix

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3797) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Windows Mail\fr-FR\WinMail.exe.mui.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\pencht.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2172

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
Filesize
46KB

MD5
8f9f6d28aab9b8e804d387c343993114

SHA1
0eae0ac1ddafdc79d4ebd237421f2d6f18bb74e1

SHA256
12787a30aacc64f8cb0785c9e9c6270a95194ed217148c92717a0ee0f7032e41

SHA512
d7170b64add445a83617febf023569047d14a19a7a1652589565ad1443db4cf80ae9f3627307c2d0e702b81b3d2e237f54c61bde0cd505c89fae7ba1730e1823

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
55KB

MD5
0d274dda7d95f4796f0993efda5b194e

SHA1
c4463e083be0eb2c0e871255098741ee0c17bdc5

SHA256
d5b94cd08dd94b813d20ef9f8a40445d82a9163abec29600a3a059c9d94eeeff

SHA512
448d1c9f43ffaa24347d5aed0a29b875715de979917144a1e30633a90854163820e058eea7aa7a77ecf18566b1d9d639c6104365137c45d9813ab98822a48166

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads