0041c9a0f01e2fc60fecd3c75f95ac00366d0364ff204354468292c4670fd797

General

Target

5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
Size

82KB
MD5

5b06af32c779bb9050301dfe050a8ff0
SHA1

96ff1e3ba2617e0c356e64d4950c36e916877790
SHA256

0041c9a0f01e2fc60fecd3c75f95ac00366d0364ff204354468292c4670fd797
SHA512

5bbd8dc225a8771a50caafa5ea43f887c06e754491e7be179cb9b41d0759129ce9f919a9876140a9cc75a1dd9629f87f0f56a8216ff1f9256d71dd9df405f878
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/vR:69WpQE0z6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4866) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EXCEL.VisualElementsManifest.xml.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\splashscreen.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\CopyDeny.odt.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5b06af32c779bb9050301dfe050a8ff0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
Filesize
83KB

MD5
3c7f3ec072d9414630345a346ccde1d4

SHA1
64aff1a664cc7c528521fb20386c7ccb75b3d03f

SHA256
4dd3f1c1e6845f100be6dd6f1a193e1e19c9fb3a739ef515b5f786cbac4d27be

SHA512
11061e0cb70b6b5f988c3e572b60630e938050b803292c63f81a4f2de90a672c38d2952ceb857bda224abc890f48b93c450e631dc352e0ed63cb0c83636ae799

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
181KB

MD5
2133ddb7590a99116fa9e42603c19104

SHA1
16f575fc2ff4b5e36c9f4fb3173e997565d3c13b

SHA256
7c16bf98f93dc132033a4a5b0e09b64b9c8c397d1c2d43575ae2c26fb8ef849c

SHA512
5c8ad62f7aabd6a52bfa6109bea2bf7473cc309f9eec06ff8cdb8b5e2cb54afcb72003425b1279b08142e074139ed590d6d3830095461c78cf02befc6b0c4474

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads