ec231f50e08daaefb7e5a85b271e0cb77d1c0384fea163f32614ce67392ec4a3

General

Target

4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
Size

141KB
MD5

4acefa35ddbc07d1b214f53ae52fc7f0
SHA1

df0831fc0569daaed9f8353e0d8b9f7ee6c5d938
SHA256

ec231f50e08daaefb7e5a85b271e0cb77d1c0384fea163f32614ce67392ec4a3
SHA512

89a20801e64ebaf0690ea7bc1b3dbeb34c7b71434beb4a133caa6b7c5af7ea9613a1a43831ab99173ed6dcae78ba198c1c53506bd32e3578ae76b28e273a940b
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1jeOmOX:6QWpkzlfFpsJOfFpsJ+n6jqT0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4669) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\GetTest.avi.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jni.h.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp	4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4acefa35ddbc07d1b214f53ae52fc7f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
141KB

MD5
8073ae3aed9cec291cfbcac310815a47

SHA1
90a5336078df90c224a6ea9b1b856403caa63352

SHA256
458aa2a939b945503b5f10731b9b83481981456a2884297c334944764e9171a5

SHA512
0fe1aad5943c66842602e358cf7d327512dd6652a321167b6e4c1ef16a085449428d5798f6825acbe4ee10a90bb61a09d21f7f5103502d06946f3cabe36c2473

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
240KB

MD5
a42c1e627646e489c63da09b29f9c6c8

SHA1
fb46efb09cf6192e1e7bd579417753b3f979033a

SHA256
f40db531f3cbc2b7dfd47f4787e2a57fac41bec94c6652e5a781bad15d5956f7

SHA512
affd794f4ec7e0c993e075d2651ac77b14006ee041544d54d341a7a4dd13bd914f9ece632d70c5ce3420a5b3ba3da4baf7fa8eba06525e8223b8ebebcf7c6e7d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads