e3e17a48639636d2a4da33c8a5a1fabaf3676fabeb73d1fcb1f17ac5a968a800

General

Target

5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
Size

95KB
MD5

5ade483c43fb6fdd463ade290e75b660
SHA1

328c01d110dc5517451ad6384d515772329b1937
SHA256

e3e17a48639636d2a4da33c8a5a1fabaf3676fabeb73d1fcb1f17ac5a968a800
SHA512

2311ba90b98866b3b5980c54d38dcbad99bbf50a6e7022c818ded16eb70ea688821645f628e9227f95b1b152d39b6656b3b0e257aab19670aef49aa99a40b7cb
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNe0A0a:6rWpcOPxPke+e3fFpsJOfFpsJbgEU0Al

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5021) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark.png.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAME.DLL.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\ExportComplete.zip.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN010.XML.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsBase.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\WindowsBase.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xsl.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Xaml.resources.dll.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-BR.pak.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ade483c43fb6fdd463ade290e75b660_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
95KB

MD5
40cc4e9eba6eacc009ec017c7b4f6ef7

SHA1
3593d1cfd31bad1bb5f0a5745714a398be471cb1

SHA256
7b9f824d8da5598e50876363fed4ece23d0b9fe8bbc2288ea5c18e05243c6954

SHA512
be87f0a8adcac6abc177364c8da160caf9106d76f97156bc0ff891a38ccd133192d10f1bd1750bb94c831641ad13286b6e1d432902303bd0ab307e6aaa472c10

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
194KB

MD5
dcd75c58fa0886787759cebb09111b49

SHA1
1b02a5c21eff86c0643465e49d7f8e883f744a68

SHA256
e0db96257e5d6db01189159b62fae1b5c8f956a3d73000992b2d9bd3c63ae752

SHA512
55655aa997b82da2dd5ceec3615268faad0774fee974aa4600d85d19e5a55c5aa9aa9ebbf14a4fbce05050d908f66152bc88d4263ea492c32389e2d6c5ad3810

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads