ac502333cc0c2f325fc35116bc2c85db2be9119829fefb50b561e444162ef85c

General

Target

3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
Size

95KB
MD5

3b23f3352d6ae7770eb59a3f53954d10
SHA1

9025feff9cdd71b4306619623c3f295647c4db47
SHA256

ac502333cc0c2f325fc35116bc2c85db2be9119829fefb50b561e444162ef85c
SHA512

9e8460fe4b6642396ae4880a01f2d026d6e450f29272c1deeb976f7a1b2c3618c0c06a8503583ab085b0c3fa85b0a5f3eda25d9b9c6ebb10ddcee24d46b443ad
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNe0A0/:6rWpcOPxPke+e3fFpsJOfFpsJbgEU0AU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4828) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.DispatchProxy.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es-419.pak.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ReachFramework.resources.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-140.png.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jawt.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PowerPointInterProviderRanker.bin.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3b23f3352d6ae7770eb59a3f53954d10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp
Filesize
95KB

MD5
4d7f74db3833affa3c6affc154266d57

SHA1
8d63d2c3224bb95b569eb324960a3ad7eb639c5f

SHA256
cc931434096ac8e0598d05fa7218bed5c06aef0f8a6536a6c93bf85bb6a200a5

SHA512
0410c62c5378fcdd696d72a36dae125ade37a50358500737d9b715048182a52cb1747aada33426e1807c6afe07c515d9cc6c0b484c9123bae9714bdf4d9b527f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
194KB

MD5
6368e7e98f77311a5dc2e0b1a7e92446

SHA1
60ea28d828849e11c38e31ec6579f0d146c79f1f

SHA256
278379d71acd008dfb0bebe7f92c093456356e37f844b0fdb4c43af166c972fa

SHA512
5be8954e58869759054433473425d8eb055303c1559aaee3a748bfe5ca1e753ad94e4e35d9037a618608850a27d9a618f72c77ae600598a32069fd9f1917706f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads