e21cc4da36e055d51634987308b80bf749c47934f65db964ec59d7c97477751d

General

Target

493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
Size

80KB
MD5

493a2cf5857fce40c86b73a9f5877a50
SHA1

283d27200a22f1f977480adafe129329565931c1
SHA256

e21cc4da36e055d51634987308b80bf749c47934f65db964ec59d7c97477751d
SHA512

ad5073a49f196500a9ae9e1610220f3d3de0d1c5f6e3edbbd03f6b7cb5d8e5cb8a7e88a2755082529aceebcae5ba551e1255bfa27e117ea681934717e3f800f3
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/H:6e7WpMaxeb0CYJ97lEYNR73e+eKZH

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5029) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\concrt140.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\ApproveStop.zip.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\493a2cf5857fce40c86b73a9f5877a50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
80KB

MD5
c34fb29063b8b19536ee417cce78a60c

SHA1
c1ba4a00048a14b4d2d84d7b382c1dbe642b6fc7

SHA256
382ddb578691a9ffe1910165c2849a78197a16297307475cc5f01aeafda317dd

SHA512
3c8ef16d3bb05f1528a6ea90cdb34f1523669dd0ff0e81042d622126f66e17d22aaa9cb4c1ed7a0f2024435c6011a0a3ca2476f23fdac0af3ab7412732ed00e2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
179KB

MD5
be7f93a5d89d6eab12026054abec0fa8

SHA1
5fc1412e71c15f4d3b84aaedcc0e923ee707366a

SHA256
b6a377fb605092346088f8d7d027e739efa7167fac1b29ee8d65b29cf6810a7e

SHA512
6c0f79b223af1a1019a5b0dbafa80f7060f72f72f9ec442b4ec02ce29fb34b65d4cd962f7ddc3cb1e23fc1520f6aa540c17044d4ba1d888bbc65e534a58d4731

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads