91fa0a17e8c56b3537eb40315f600b512230c49521e94e62e3438be9ad5c50e9

General

Target

5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
Size

81KB
MD5

5215339a990474d98f11368bf0806bc0
SHA1

e8b5e93deade4636bda8643c7b2ae5705a1ff554
SHA256

91fa0a17e8c56b3537eb40315f600b512230c49521e94e62e3438be9ad5c50e9
SHA512

2bee3f73e8e8522ade3d8c6b265a6e41777b17ee860075063ef5f7331604c624168f1872d26b10c6fc3fc536a79f31426958abb9107d631d3c24725306b1afbb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/aJaKJawHCH6l:6e7WpMaxeb0CYJ97lEYNR73e+eKZk

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4837) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ReachFramework.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoCanary.png.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClient.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL092.XML.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.RegularExpressions.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BCSRuntimeRes.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp	5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5215339a990474d98f11368bf0806bc0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
Filesize
82KB

MD5
3554e2534f2ca394e75ea9623453ad20

SHA1
dac802fac9e3a4477640ed42a05b3476fda78400

SHA256
9477193ca96c07c7685235a379c91afcffe6c3b9979904f88f4aec57194d61b2

SHA512
edee5eda823a3c519ca11f64ab2a4f63f8ecb9918d8f9cb26374f5dd56e1142662c67b6361fea37d615f57dadb066f864f9e6d19bcde6b1a49cd50839ea1f121

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
180KB

MD5
f273f8aac32fddc47948f77835acca1d

SHA1
2aeb5ec0167d3de5856bbdb998e3c2aedc00911a

SHA256
4d020bc4beb8dd2074f9b5e18ee67a2cc102f1943b8008c17273bd9c8f717345

SHA512
9139dacadf410577bfec91141bf5db4ce8c3dcb2cd33f64ca82c50b7b668f7a22036242b0f7531fe86c199b5d562642564111cd7de0e2b2cce1af4fc4634cf72

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads