7c81429c83950a55f3007e58a49b28599176a2bb7337de99c770ce5ef193aa59

General

Target

433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
Size

115KB
MD5

433c17eea4d91162a767e70ffa42bde0
SHA1

2deaefb0591d4e458041cdde536573066472fe77
SHA256

7c81429c83950a55f3007e58a49b28599176a2bb7337de99c770ce5ef193aa59
SHA512

507405b92b0ddfd25d8060948c58bb6f44a49664ae9734107c6358453c36bf3305bdaec0be579402bf9d1d767dee8822671486c7995572874bed8e060c5e4ef5
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzT:RqlIyFESWu0SWuGS3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4813) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\WindowsAccessBridge-64.dll.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp	433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\433c17eea4d91162a767e70ffa42bde0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
115KB

MD5
b82df9af247347e200838f66cf2c9d27

SHA1
08f148562819c163010e41b39b6aba651e7c605a

SHA256
b690afa48dafd9f21e0aef0c0702b13b72bafb91c1da1d3989f295316269f235

SHA512
a9d01b10e5c2ca3a6550cc19c5ba9873ef4c3078de0be91a32ce39d6308b7d04963a7b283086a44e14c7b2d7b23d321cc954702ef7c778f35f3f8c08efa39fe0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
214KB

MD5
7d10a98d9456d11e673250edde3fae50

SHA1
e1c4d495dbd46d7115cd8883398294f30f64d91d

SHA256
3b1f9f6338c4d2deaafa4b8036787b0709f2248172241c716913c22faf12329d

SHA512
b14f9ef2d55b1ca8a36ce60fad153217ff595745875497c3ed8d39fc5a05fe024a7a7862d273c7835bff58184235b4e927a5be3aa465d6323c58679f0c6eecc3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads