b2ee8d5df297ddaf8edeb634f2aeb724aa17d5574e098fd700402f204495ca91

General

Target

4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
Size

94KB
MD5

4e0835d0804f461490502fafceb607b0
SHA1

600657d8b8bd44636131d092cdbc0609c50c0d05
SHA256

b2ee8d5df297ddaf8edeb634f2aeb724aa17d5574e098fd700402f204495ca91
SHA512

7421d8d532e44f64d0cc026a023ead987dc98a7c3c1a2ede1825ab4dc8cec3212c08e1c102cccad103f4d28dff85d5c6f83133f0f4737ce8374f940c84d5fdc3
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNe0A0D:6rWpcOPxPke+e3fFpsJOfFpsJbgEU0A0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4642) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ppd.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymb.ttf.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART8.BDR.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp	4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4e0835d0804f461490502fafceb607b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
Filesize
94KB

MD5
13c18fc485c7f26efcf9ac35dbc31de9

SHA1
a6ebd2ad6e922f1b1fb04b6b1ecfd26836e58603

SHA256
16da33853e5566fed2036e7d217352e3c2b821714600f185693078090a3af1ed

SHA512
984107edced48f7136ee37805ca258c178f140c42fe23890a6c8825969c248828e80c7c61c757b34212b7efdc1518203a5606fa4e213a4bb85e94b3c7a966787

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
193KB

MD5
65feac0261264549df7f183396940cba

SHA1
ddf34462eda82261d0f229603a0325cc1bb32d43

SHA256
13d83324a9f7813c2e5b08f70f9feecc7e2aed089c4808ad358bd1586f0284dd

SHA512
b192ef4709d0d7850b2683e12b89ab41000c10261a3900646250afb99d2378d2dcd88d098390a13e067452e8e5a36628ece81d0e5d99faac4b5d30a9e74b917f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads