217f1933a34558422f7df30ef6f030e044215846eb91ebed1fa0113b23db8fa1

General

Target

48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
Size

134KB
MD5

48fe4392584ad4f413a3a2d619c9e8f0
SHA1

683f4cac0e36b6b79127066c2101e8b0d6c74680
SHA256

217f1933a34558422f7df30ef6f030e044215846eb91ebed1fa0113b23db8fa1
SHA512

41f3aff7c96771af349277c57b6855475f8b1a455400541af47e2c439ef6c394bd43b0197bb923242601fa58f270be9f1fefda94ac79c1a5ea3e5d8973ab110e
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5cfYf7WI:/7ZQpApUsKiX26rWI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4675) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sl.pak.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationProvider.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\README.html.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\d3dcompiler_47.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\48fe4392584ad4f413a3a2d619c9e8f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
134KB

MD5
48223386920a0b8fed71afa0bd978b32

SHA1
bb09ab47a865cd90a11177802e731696c0bef8a4

SHA256
486110448ad91193be005df8b8301b34693f9293ba81af06cde0e4f3f348d9aa

SHA512
a6de17f5ace08e25a5d463313e7896382bd4d133b4dfd1180be14aca3dff3d9221d10d849aeaf5559780f895287238906163069191d4ef619cd0c2560951a024

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
233KB

MD5
53b60f3412834ae352721d8c932749ff

SHA1
4e10899a336c68ba33e7b10a04e0f154dabee4ff

SHA256
1af34329ae66e4bc97562d7cd37f3463df772046a0ff8be7173a692dae1c0d43

SHA512
ff26c6e6f91b92f389db1ce3f10a0b4830f70f702c3bbd8830fddc69eb6c204b1c623affab216976072a56f355d70b2b813ccfb6c449adaa3663627037fa1878

Download Submit
memory/4772-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4772-1590-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads