f90e8f7a6602fb0bec7de33e32d354ec95a9c5683605bfb13e16106ed57c7fae

General

Target

085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
Size

69KB
MD5

085c0ec95788641513a7aef39cb2d580
SHA1

9a91079c841e9c60e951d134834d03363634d392
SHA256

f90e8f7a6602fb0bec7de33e32d354ec95a9c5683605bfb13e16106ed57c7fae
SHA512

948f81cd2ce559f161b6cfaf42f5583bcfc7939e494b5c6a173d2cb09675be4193ae28370dd9e556c2c304a0b69154db90a33d4a12fdcc69563def82c95725b0
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7txv+qwqC4:6e7WpP9oVLQthbYY9oVLQthbUrt7tcNu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5207) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.boot.tree.dat.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PowerPointCombinedFloatieModel.bin.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.OpenSsl.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp	085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\085c0ec95788641513a7aef39cb2d580_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
70KB

MD5
c1a261227f19c35475ba10931e4f7c8e

SHA1
f25dc4fa4156d01df7b897f6e767bdadbbfd5f32

SHA256
7835f1178cc433d113b8577eeceee97024e19f4942541f73d1a928cc2b988f9b

SHA512
7379817a02b4c4fb200ecfd54d464ef447a2c76f6981d4d11863995f164a738f8a36f7692c22a41f0ae8cecba51df06b1057cd3ef3e413357c8b26a6df8d4db9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
169KB

MD5
54262b57b123d2e8e3cc281ac1ca94c7

SHA1
518c1e763bb8615ab1e3b04ece45e1660f5a528f

SHA256
349c97b732f0beacfd9869235625e33c6e3a823de391b4d39e6cf716401a83ca

SHA512
a80ed871bdcabb0c4b6745428ac874df6b7bc4bd26ac15a59efa4d46a558776d8c90976226b7f997fcc2846a83f4a036b7d8f502f5b9db5484ce6d6dcf24b2ed

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads