52835f94c396e56f0defb473b8a692416a056b70ff5fbcd73233ba69a945b274

General

Target

448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
Size

83KB
MD5

448ad0acfc00921f130a572d04c25870
SHA1

7fca02070185bd455af28e0eb898a7b2458bab8c
SHA256

52835f94c396e56f0defb473b8a692416a056b70ff5fbcd73233ba69a945b274
SHA512

a65e5bc80144f14a0e0268e5ad9be264301d3415af616a713696d96cb556b3f46ca323b8f867b951601cfca86a1581876be57f335bb981032b80b2e2103ea948
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/v4rH:69WpQE0zd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5026) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul-oob.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN096.XML.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\icu.md.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.png.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PEOPLEDATAHANDLER.DLL.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp	448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\448ad0acfc00921f130a572d04c25870_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
83KB

MD5
5a3f9c3977ff3c6d044f652b541a2c02

SHA1
ebaee3b326ce9e8279e8aa25bf7919c46e232eca

SHA256
85795056f0c7a8aec982821d7f3d6d8c1aacccf1ce98dbf542eee59fee392dd4

SHA512
e24caa2e0180273aeda8d867dd1eeac799948c1b944cf3c438d4c38fdb65c75d85770aec27eb0f62030c4474aa8a77b0ee58c9103dccba4b126647b61811c96f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
182KB

MD5
3fbadcaba52b3e251739a82c0f95cbb2

SHA1
f255a83f5ba365e7a0a7525911ddbbe70b88bca7

SHA256
923d9696ee7dbe3e65cab2477f2434dd159c22b14ab9b6ef00738dbaafcc06dd

SHA512
b424493a6be2d07aabf195d5fe6cc1beef3a212793e7fea08ebd616de34498d8c3f2541ed1f0c522e428ee394248039c489eefa2a683e84b1cbab2a85d534896

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads