e5fa60aed03eafa674a66ffdd524ac84b1be61a88e3841532d53df0eb49ee628

General

Target

47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
Size

129KB
MD5

47b06208faebe90e81018b2a4c35a6c0
SHA1

a53456fa75d5ac0da0f1ed66650181c515636998
SHA256

e5fa60aed03eafa674a66ffdd524ac84b1be61a88e3841532d53df0eb49ee628
SHA512

24dd78d9f8d3ab9bce0cb3b553385d69496b294ed7554957c2912a4bea1615309289696c5ed91121e99dbd94feeb86a63e08fd3a5d1e184ee426f40ebb9a40df
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c50KPKs:/7ZQpApUsKiX26KaN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5029) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\GetResolve.wmx.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-ms.tmp	47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\47b06208faebe90e81018b2a4c35a6c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4292,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4028 /prefetch:8
1⤵
PID:788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
Filesize
129KB

MD5
dfab9b2cabd21ec6ca0a4b346ef04b21

SHA1
f379596ff4d310c196700812ca5532dad41d5f2e

SHA256
8db597ba9bb4bed06997b8493a4073615a89510ce21f453236f7e946f6b94092

SHA512
e54e34153d2dfda4053ea4212ddb867977f95d579d012a9b95e9eb44791277ce9b1817eaada4a6d31b1efbb0b6189df3790981d5726c85f91a3ccc3263d79d6b

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp
Filesize
241KB

MD5
6e961fa7367199a5908f9f747493b00b

SHA1
8a1c51a87df84515a302fa327883b398fed819c9

SHA256
5c9917d8a39f4be788ec861bb76a1515c7567fecbb3642b0043e9c885a4dd60c

SHA512
ebbe9d33906d8284f68ace07bc5b1c1b31b88745386117c65415f508f9d1665dae2de7471cbe88f1319c592b15f4c3df4a841eea65ea013b878bb7ed73cf653f

Download Submit
memory/2140-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2140-1790-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads