5acb5576a45224cc49df865b99989f493a91cade648fba4316182e570c536523

General

Target

9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
Size

85KB
MD5

9458c5ad72caeedc6f2f11344a3b9930
SHA1

8651a6cc171b596e6c30f06b5bd8c9b6ca00e2d4
SHA256

5acb5576a45224cc49df865b99989f493a91cade648fba4316182e570c536523
SHA512

1f252e7c4e75cc9218c8121c542c96ecc84953755afb0059a76e175ae46ff39cf36c3dadacbb009a400f1e7ae216e7cc0ffb1a89e172036249f4d4d3653503f3
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSQ:6e7WpP9oVLQthbYY9oVLQthbUvr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libball_plugin.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\settings.js.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnssci.dll.mui.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\RSSFeeds.js.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\verify.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_asf_plugin.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.js.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2200

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp
Filesize
85KB

MD5
344376a558f5b6d9daad3abdf99d641b

SHA1
8e2cf0441b5d80756e64be5ca88836e8c247fed4

SHA256
492d39c3e86ffa5ad8f50b5761386cdd2a64f0036a835178234df2e08cf8b52a

SHA512
953ad09bbb6e771635d960d9470b80f51163e55734bf590dd32823780bcdcdb16e02323f6b48cff8495d45fb90372fea93f0c0c8609863dd8b21c3ea45a235b7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
94KB

MD5
e4941aa7ad79d764ed9e64fe8dd80d8a

SHA1
8b208ed37800a6e4cceb194b41ddb3c80aec571a

SHA256
d4d235d23eca751fd2130518d5a101068766305917b5fda849bc5962409c50a0

SHA512
f9bdea33c79978f72184b866da4a0046938657a86d32ac21ffa6d8814da63decf787bdf7ea6452ee0cc5ef4b91321d5441e061b1db69d2d3f2da892a7d78428b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads