88341ac0062c5ca7d1dc156933a50848bab588abcf3f7f3d7311413d39df1d72

General

Target

5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
Size

123KB
MD5

5a5657d0d8c72e0ae921bb91886049c0
SHA1

dd2c1dac3f8fe11cdd51e735b5fa730c96cff40d
SHA256

88341ac0062c5ca7d1dc156933a50848bab588abcf3f7f3d7311413d39df1d72
SHA512

ff7c52bbb2ad4d43f09a43a6de774dfe12732677997ad64591e53c9d833ffc76f41514d44d3b252b103458361ff9ceabf7dd2b93ac9336f0a5c95d50ff2b0324
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1jbja1:6QWpkzlfFpsJOfFpsJ+n6jI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4820) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\uk.pak.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClient.resources.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\meta-index.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL081.XML.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a5657d0d8c72e0ae921bb91886049c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
123KB

MD5
b6865555998ddb18a93870c54fca0f37

SHA1
409bb7ff857055451a790b48b2e38adee6ccc339

SHA256
8e7d8387228bbaca6a615173df6f63be156850ed73f8673cc71a7d11468741a2

SHA512
7ea25391aacae28806033bf7d8fa3d7fd7870a04510772b2ef1a0af91b223572840c69a2606518ba3824e56053c41f60970bd763aa08ce0e49f15ecbc873dbfa

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
222KB

MD5
b54759b183fe43822587dbc7523566d7

SHA1
189400d728246e0a4cc3865be323cb799dc9fd00

SHA256
2e38a87419772a7e3722052195c519a0837b850b201815e773d4d25fc630d5dc

SHA512
c9e90d06f5f6cc8cae0783dc7e00492e5852d6e5506f24dbb5f61a8b2d996b5e25a745b0ce0b11bf7e89684348cc122522be720ac6908a97e703b599cdc51ff4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads