cc19c09fb71528c72dfa3c39e20de00257f81b551baba5ea57c955d9998218c5

General

Target

5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
Size

121KB
MD5

5a626880686e3983f54d4357c8a85260
SHA1

37545dde5f9fbcadee4fc041b89c0817b465847b
SHA256

cc19c09fb71528c72dfa3c39e20de00257f81b551baba5ea57c955d9998218c5
SHA512

784105034e9cdbf1ba8acb7e68e1d0e3ac0bcd9546fb28f09329c3f13e5d86be9cf3ae6391ea6d1e1fd161dc43bcfa79a8622f14b4bd31f2f6ee955e3acf14c6
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVze:RqlIyFESWu0SWuGSy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4841) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_ES.LEX.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\msipc.dll.mui.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\DisconnectEdit.sql.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-oob.xrm-ms.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeExcel.nrr.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a626880686e3983f54d4357c8a85260_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
Filesize
121KB

MD5
f58bb72e45e9b887ca38ff9b908f5c6e

SHA1
0ddb6fc34288612467e51a85b977c3150316a1af

SHA256
32135e86b0ec1051a0c80fe6791e20e69e517ac326807e7409462ef7b120d16c

SHA512
57f6716070b98139996d3f4a98f387eed4f021a74bab2de16a436f2a092c2c6357bc9c36d221e25ef490fc6fc86b0132d16a3774bc92af8a27c6f4c55ebde02a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
220KB

MD5
ee8c2e13180b8802f3f9c0fdcee8a046

SHA1
206d17f3d9904ff3d21058ce66f2f17d3192eabf

SHA256
5fd6456ddeb491b0f8e1e8d55ac7cb57582ea5bc1cec70bfb28bcc5bd5dc250d

SHA512
d0ddc251b2d8d299e046005f1749168496e23d8fd13c8b3d5e5326846e1b88d41560b8d3f7a18fa72dda7aa02b5af6d0c5410d71d29140e0404ef7a2480c8753

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads