615a040055749eea9cc7915ceed5cb0ab3e9b82c8bc2b02ace33370e52a593e6

General

Target

4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
Size

82KB
MD5

4d820457d7ad19a1625555eab4dd1750
SHA1

ba24164d6a59ff88f846fd46fcfcf51067c7931e
SHA256

615a040055749eea9cc7915ceed5cb0ab3e9b82c8bc2b02ace33370e52a593e6
SHA512

ac290cf18d5fc238621d34f5e7ba8d758d7d8991723c92f553e8c46368d90c0d7eb198a0f8ff170a121756f2b4f92e47102d7bc5f636714f497b1cbb91b52f85
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/v4:69WpQE0zr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4626) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\bundle.js.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ko.pak.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Xaml.resources.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\msipc.dll.mui.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.tmp	4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d820457d7ad19a1625555eab4dd1750_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
Filesize
82KB

MD5
224ff6c72a7f7c60f232f40c2379e060

SHA1
3d9aa4533ba8bb94199ebfc98079abb5fdda9dd4

SHA256
4f3d949d41ba5151f0bf34acaf5159967c9af2b079177bbedba41c0ebe6e3632

SHA512
722ffad2d4154b74729e29590e365daf10273f5049725738cc9885395af2581b77b19557f6322186b9cfbf3820280717e0c28b276f1b85169d46b44efb3ee582

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
181KB

MD5
6e78f232d90fd20863ee0bcce5dac926

SHA1
d7307c85b929e83deff4d32ade2628cdff5871c6

SHA256
b410810d171f14d8f88e98506c5d39eaaa116929f0954abe0f62f5e7ebcb5eaa

SHA512
a4c6b64f4599af242c6340be825fed774aa83bc9172642f205e3d5fbc9eb93681b05cd209299d8db8214ae546854fea80738560a9a337755d032ac64fe9c43a7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads