22c954b38d8058abb72117e2976343b47e0b4bd05e8bf3514d4c47af3c4765d5

General

Target

0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
Size

80KB
MD5

0a0b578affee94f1a75b962fa809f260
SHA1

317f1338bea55c73d08b3ee20943bc24d5d4eb35
SHA256

22c954b38d8058abb72117e2976343b47e0b4bd05e8bf3514d4c47af3c4765d5
SHA512

07db7d4859478683131f9d698902d5b12011c4c9c6db5ad07f687142d622ba92d901a8e9f1a4292c244b85447696643f43fca4569e52c1d856845bfcdd605b7e
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lDU:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5060) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.boot.tree.dat.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SAEXT.DLL.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL097.XML.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_100_percent.pak.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ppd.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0a0b578affee94f1a75b962fa809f260_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
80KB

MD5
c3042dc55533366daa8542ae9d31c110

SHA1
ff93615de70fb0202e7b68a54e4449c457a382c4

SHA256
1361417c83cae6aee7cd9aaa12e5ef689ea854c34b7272c994f0d3c6f6404568

SHA512
243b567bb4d499c15f8c7ecc8d34167055a075da2f55ea50e0ce4ecae66ce47928de1b97d3e92336eb87d6e74b687056d2390e4a359fce7c8792b159d4608984

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
3763a0bcf32f822507ea838ac5a085db

SHA1
dd75eb7e25929509683316d244527b3f040c2e9f

SHA256
ab659307fcb47c3c168bfee4ca5528aabd24d674f2b6edad611280756eed27cd

SHA512
74d261068be16e1f9a43d7d5c60e0beb938fd20d94ecf5df828eceefc44f44150ea4254ace7e805b818b922713bb14d02e2bc55d593aabf8fefeab53cea50325

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads