a7af1dd21059b587a6c9374eec9f62fd2790123b3a4801a918575ea077a803f4

General

Target

93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
Size

48KB
MD5

93a26fbd7f4d45de8470a0abaa76c6f0
SHA1

8c41b746e92edacd8cdea91903af15701933bc99
SHA256

a7af1dd21059b587a6c9374eec9f62fd2790123b3a4801a918575ea077a803f4
SHA512

a194d18e76e1222901c2f2970d37daaa370fb9b09816cb7b354043e86b0f037183240fb7cc81079bd992c99ae27921167d5253c48762bda91e1c16fc81080219
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbN92JQuB2JQuk:W7BlpppARFbhWJQiSJQ9JQh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3681) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\THANKS.txt.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\javafx.properties.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\gadget.xml.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1524

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp
Filesize
48KB

MD5
dc13c7bb6ff3f275830ac20bcf140f4b

SHA1
c0ba1f5e03cb21bd8eb657962eac2f120c94fce0

SHA256
90d2a61d36eb98a37c3602d32137f31742e59a202fe42a255ece7c365b9d0205

SHA512
7550d0886eb0c9d4e8995ab4d8aec2091bac799c14c4b0cc8e404e64f5d131f2a500bc4e1cd92dd7e76b5ae32a885af72b0568d3b9954dc1086ad7f9377abb54

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
57KB

MD5
e7c55ea8b9b9530f8a9fb3087555096f

SHA1
e69304fa89d852837162d153f721dad8279ffc69

SHA256
6bc7e3ff537119617c3e78de89421af7b90d043f93b8e0d56b3b8d148c280cdd

SHA512
2b2f96237bbecd100ef9622c8308bfab4329cbd4cfb3c4d41cbddb011b7695641c05a817b27585bb80329f48d990123102416d43a96904bc5a8bf2f989db5960

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads