121fb47d887262db78468b4acc3330eac9c1a3b80f4d2f9e3264b1d8872ccaa9

General

Target

44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
Size

81KB
MD5

44264ebb527cd4573becaf14a2421fa0
SHA1

43f3dcfd05c5f42b0d5a9b5ba68b389c0deb90bb
SHA256

121fb47d887262db78468b4acc3330eac9c1a3b80f4d2f9e3264b1d8872ccaa9
SHA512

333311ea40f5dfafc565e23d2c02f4b394fe3ca89f4c05ff10d527ab4351f51b14f453e878eb832524b3382f4db7373f079720e19290fff3af532f15befd188b
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/ejJZJF:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0zF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5013) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoutilstat.etw.man.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_200_percent.pak.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.resources.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Tec.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\concrt140.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationUI.resources.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp	44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\44264ebb527cd4573becaf14a2421fa0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
81KB

MD5
6e4e20392b1e9f44c1f9c4ee332bd56d

SHA1
74a49b4e5330556eec2f4aa1d21f1eca0a3273af

SHA256
489a2d4b6b7ef38159f61650f74e9d56e4f60d5c41c3bb0bf77a4c40890f5dba

SHA512
01445e801893232fa1365b0f79eb69ad9a8037cf4db90e9cca78cf6553472470481037e7d9c62aa4e342267cb83a9724d9f9fdef6b19973f877f8205910b1937

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
180KB

MD5
5e6e717a6e40f2349ac8006f04f2afcb

SHA1
63a902183e4cf8956df46a69117f9d2f15d63aa9

SHA256
8d0f02fce8f1193da073bfd172c1023f58f635912c9c57eaf9dd3ec1744bbc68

SHA512
e5dbeea6525face2e6482dec371a0fed38748fa610b9aede144963038db18590dcb4dee41e6fc537a74e6dea00c746fda6ee8d6c7e90b9c1aa252954b7445280

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads