a5faaa2e0addc2c5d0f83e7347946a07c1f62f29322333eb03eac476df31b089

General

Target

1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
Size

89KB
MD5

1376ac98b4e42818edd380d19d00abe0
SHA1

5eaac5ac1db70f7e31bfa928c015c70be859e48b
SHA256

a5faaa2e0addc2c5d0f83e7347946a07c1f62f29322333eb03eac476df31b089
SHA512

13209a9e0cff6f7a0f0f774fb09433fd93b1083ba513649c86b8052d2f7158bf51727b8498cd5ad3db6809ac931b538f6d291a6010e42acb1d8b1484aa7659c8
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/7uH9uHpvGRvG3:6e7WpMaxeb0CYJ97lEYNR73e+eKZ7udi

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5134) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.LEX.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\vcruntime140_cor3.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPSLAX.DLL.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1376ac98b4e42818edd380d19d00abe0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
89KB

MD5
c03126b145034fce745def3016c85442

SHA1
9f0d1645852e15833b12853c0a463f6f81762a63

SHA256
09f051c29f422f96c298b3c08793249c83bdfead01fea81f370401a4b9dd713c

SHA512
67ff8ca8c69d861525dfcde23247f9a49d5acea8087b8d72609c176cd4e0666b07c04cd2141bea98ac0353f313c3db6bc77005aa9b24ea6312e2852e35909b4b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
188KB

MD5
28e689432bc573478eec9a2411bcb650

SHA1
cb5b908be94e57cc79ca2a5b5311c5a4e3d9a103

SHA256
9d72a032be91d01387884aeec093b9ec3d61ec74a75f3191c5c2f91ee4670281

SHA512
5c0ac103f2f4f4ba697de2262ff8ff09ad0f3fd7325de00abdf474a8c1e554d8b72fe2807c05d54ff746bf973accc889b182fe5b942deaf79c9e9c2a46e706e4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads