8247c3a10eaa8cc0f741f20f9e5a41d7d673e236cd8957f97100bcc07d81c612

General

Target

4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
Size

76KB
MD5

4d0dc90257ecca00906452389ceb0dd0
SHA1

c06e1a7ac1809254a11c3353eb6a3aec03ad2108
SHA256

8247c3a10eaa8cc0f741f20f9e5a41d7d673e236cd8957f97100bcc07d81c612
SHA512

8565e85c304c2d61e2d22a3296409506619b93c6ac93a1e3ab51fd4022cdc5091637fa580c1b7bdc2721056c2f3f6c0e403d29da08c790f2a380d5883a833749
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22v29HWvHWY7GG7Glt1O:GBt7Br5xjL9AgA71FbhvoBlW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4804) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationFramework.resources.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAME.DLL.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL110.XML.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL111.XML.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Uri.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp	4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d0dc90257ecca00906452389ceb0dd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
77KB

MD5
2891ceb7798d597883be44b5cbbbfa0f

SHA1
95e9a0c1b018b3a14c0c8b6261a6e78f8cab77f7

SHA256
776df8c4d4b56c82dd6dbb86bdf7685ca07546ae50ac0c552b4a725fd7ed5494

SHA512
04cd8b40991dcc656c0273211ebaaa81cf62a374ca1abb7e84034a7bc4cf87bcb6dd32107659945df46c0d3b29c7d660b3d8c070bfee4cd9d2f54d163036952b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
175KB

MD5
b10401f2fa94da914644e892c39b5cb0

SHA1
c180656d213fb1b6fb995fb15d1612e247a10db3

SHA256
32c6b7e7e7a9b64b27ca11f2eb9d747ecfce264f2f792a50942087a83a0b0c23

SHA512
c8a1b96d3b4dd0222848ae9436763b13da9249515009ad7d16b121e1e7dbff0c1597f77c3aa3f083efaa0c41de995a917685c928edef1582622fcdd12000d54b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads