cb9cca343eac805bc2fd4f063850bf5c92c908cb542917de3978849d0b39e432

General

Target

9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
Size

93KB
MD5

9289fd99f70be68574d1c49db1797280
SHA1

6336ad37d3a8785b7ffcd099387c64aea66689f5
SHA256

cb9cca343eac805bc2fd4f063850bf5c92c908cb542917de3978849d0b39e432
SHA512

f27795a4c00eea14d1917ae2d75e919b523c47ec73e32b6176aa524ac7b618516e418cf5e10cae68c10cec4e6593555be9689136a6df3c4089acfd53f0711e3d
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNf1F:6rWpcOPxPke+e3fFpsJOfFpsJbgEx

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\currency.css.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\es-ES\mpvis.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\gadget.xml.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\settings.html.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Acrofx32.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMCCore.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1728

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
Filesize
93KB

MD5
5c59c8f6fca17dbb7ab9b49c6e3b2c07

SHA1
fd2c7e0d117109bf9c9dd5680c7cc7d38a80146a

SHA256
5de7f43fadb6974e5fa3dd016729eaf81efcd1db8ef45bf0177e61e511ab3fcc

SHA512
d83e01eb71e3f83eeb00c2c6b7779ecd2862367a74b2931e542573cb948acd0c0f7a070d9c2b515fc41dab838fcc6a3529c7512e50335dc828682e98b86f23cf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
102KB

MD5
2d399216a8e2451b2ecb59010d46e989

SHA1
471055379c50462e75fe0a4338e35e8b26e3af7f

SHA256
fcc4c0099ad9fa2d6a043c2e5d6a84bc01b53ddbd71032299905dfebe3b9c8e7

SHA512
487cc9ac97368c4a548b2ec123e7f1747519ccc0208d05d06173c8cf70526643640584965cb9de374b3d2db27ac7e49bb41ebf882973328f587c566e27cceff3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads