9547659a38c4fd7fb80075157fe8654b8afc5bc85bca24937b0cebb90de07980

General

Target

43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
Size

89KB
MD5

43bc3ea3636424e4dce4f6518194cc10
SHA1

42955d598ce9e90d1a0b4f8016e1e354fa0e0614
SHA256

9547659a38c4fd7fb80075157fe8654b8afc5bc85bca24937b0cebb90de07980
SHA512

2a30a103255e907019ec794dcd3ab857bf387c5ffd1ef2f82f2b344d5daddde26376799aaa614653851c4627421615c38629f12270efc49c7613c1e8c6fb886e
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76N:6rWpcOPxPke+e3fFpsJOfFpsJbgE0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4745) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\7z.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7fr.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSVCP140_APP.DLL.tmp	43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\43bc3ea3636424e4dce4f6518194cc10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
90KB

MD5
fa544c1703529362d736748adadb1ef2

SHA1
415a01681d82b9b4975714e30bbacb4c6533d76a

SHA256
e94f0243d62e5404cf6cc00008e9a00a343028a6571bc72e6d6bf60c0536dd5f

SHA512
7a188cf302a5eb19841826b980456baf6bbf15a8ac1dd10f6043e82f03615bef1348b66bab801d634c7f127e84369d77dd3b54045a5ed1cdee38b18289f3fd14

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
189KB

MD5
a5cd558641808dcd95d7f107873b9a4d

SHA1
266458e6f0344e9113012ac0dad06c6acf5b5263

SHA256
ec91062ba4920c5d779cc0e94bc221e6347b452c6fc37964705ba9ca1befd4e6

SHA512
6adbc1c6c24565ef5d1d5619c2716a95f4b36ce4ada957ce57a803a5d53e98b89eb539cc26a7b77ee334e9472fa31539f5d6f2dfb910fb925b8a0cf87a1874f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads