c796a0d88e005d9f46662cbde414123888c2eee4d10d09ff63f5c4143caab3dd

General

Target

3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
Size

82KB
MD5

3f2bf6a98e74630b2d70137649196c10
SHA1

e0fde03fc43dad182fa71e2fffb3680a6c016043
SHA256

c796a0d88e005d9f46662cbde414123888c2eee4d10d09ff63f5c4143caab3dd
SHA512

e36662c4be027a602cc5ef2859b76dafebe29d76730295bee05bf654f45fd1119391cafc64eff3967e2c68025b4e8a53ddc544d4736e7e6091556364f75d9b1a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lD3q5qr:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDay

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5055) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.exe.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Primitives.resources.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\th.pak.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp	3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3f2bf6a98e74630b2d70137649196c10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
82KB

MD5
575aac993426feb1d16bef1f57064f5b

SHA1
1bba9c7337b301caf8f3ed01e3b651ffba20b564

SHA256
a00467364115cd34b2a3bd817b1f643ec1497d99999cb34bb21c249d91503ebd

SHA512
e4671e60fef25173e506e6285132903769219ebbc8a17903658594d4964bbc00839e5ffd173e36cda46ca08330178972c0d5549957b91606aa866f417617fc86

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
181KB

MD5
debb4215453124a60e375cf1a505f63d

SHA1
d8a20771ea823b0e23dd1af4fd9bf2654b79a208

SHA256
ecaf9218be9268fd70f309afa6d02dc67a514f01fa6957adfd8ec54eeb82b96d

SHA512
186068d1633e9cfa23980bb5868a67bea7208234dd31f6f80070607ad31b041e27462855873eb5fa39cb096af935a789e7d496adeb8affdb8c72878ab0ddc661

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads