cc41dcc0ae6181fbc8d8377e0a6457ba586e9cbb6f390fc7364e0beecd7ff8c4

General

Target

47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
Size

72KB
MD5

47261f52a7b70f81326f5d247403d4c0
SHA1

07647939d755c24562ce2a1ae4d533fb6de647af
SHA256

cc41dcc0ae6181fbc8d8377e0a6457ba586e9cbb6f390fc7364e0beecd7ff8c4
SHA512

8b22728fee24075c70ab1763cb0daafdd6e23d0452928a755257636511f205e0a151f590d149d85f40fd32fa1475a7481b812bb05e382fb8099cbc13b8f7efa2
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/UmwB:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5050) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.Unsafe.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R64.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-TW.pak.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\47261f52a7b70f81326f5d247403d4c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
72KB

MD5
9c6df3730f5d4122b91b716c6fa391a4

SHA1
0c2baa9312ddb6343c39a629d31a3ae144081c72

SHA256
6010e3c7dfebfb958c0ad57d2af11558eed5776be2de0fc640999ea8e0f102a6

SHA512
f20cb4dfb42650d50fced8f3639fef075bca75dc255243a02d06e54e03b487beb636353e601822e807fd8657fced36e2e08458f13f2e3c7996c7451ce8773b04

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
171KB

MD5
f9def21caf0937c65d928f1050679473

SHA1
5d0a86d2262e2f7b79b1dcc85447636da689e553

SHA256
419ac234a849cdf1ce6d42e447592636db894a60e3e865acff93704571c56471

SHA512
516d849ad90865b41ebb819f77ffd64427fa2165d564e16a5b941207f012332b2004d3e371b3cd804cb1dda494b3e5a73dcff8986871fb228726e529f6e0381a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads