43c073760c129051ee96ebe4fe4494bcd8b005db41dbad6845f51ff904766954

General

Target

4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
Size

75KB
MD5

4413e8d2ca82935653c7248ba2e8ab50
SHA1

5ba87e5b7e074f184619609358b4e38e3cb6dec5
SHA256

43c073760c129051ee96ebe4fe4494bcd8b005db41dbad6845f51ff904766954
SHA512

c337192b1aa4fe5f3131e61a9e7b0f4ab9891dc387357757e74e20469b5695e2a6e0b2df66875f666aea61e362960acda784c3f16ee97990b657639a4e555029
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhG:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4787) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Queryable.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jpeg.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.SystemEvents.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4413e8d2ca82935653c7248ba2e8ab50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
Filesize
75KB

MD5
88c64bc8570f141366660a304507a01f

SHA1
ce8394ab07fccd8db111ac0cf7d1f43695b3bc06

SHA256
752eceb8e9c98ac1e6f9f93f861749a957d1c7597c8afc1545639e93e8ed9e7c

SHA512
6dc8e46b2afd04be98da8bd0647ff55c16384401381dc6976f33add3ebae8e71483b5e83f80cd16f46e806e8134b25eb82661f659bb5e266047221cace618095

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
174KB

MD5
86373e160e7769108e9af2896a86b927

SHA1
18cc9d97a92a36f096071d08e83fe9af0b0697ea

SHA256
85fe0ecdf1df1a7af775f95a08a76e6a58fe85482597e50c0802d264f4b6ac09

SHA512
2103fed7b3a7e7a0469d47017e6e306d2173eb9eb20aef767f968aa5437c48a885b8dc1b780d14d02a30750ca637a98d2038b9261103583195f58ff4d480e08c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads