4c69e600dc5e4e72dedcb6cf3a5161113bb5e50929d4d04272a6934a1ad37672

General

Target

9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
Size

82KB
MD5

9733a31fa534a8364c9550e8c523d540
SHA1

7820732e2c919a5960555f9b2233e813cfb7b51f
SHA256

4c69e600dc5e4e72dedcb6cf3a5161113bb5e50929d4d04272a6934a1ad37672
SHA512

72d5c9665726e81af7db98179dbaa6099ee9f12bf383a1571b10bcfbbcfd4cec578a80889f66116da141e6a44a74d7d4b09fc81d76d2e079d2ba3037721380b2
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/vz:69WpQE0zo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5130) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN107.XML.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.tree.dat.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\d3dcompiler_47.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\OriginReport.Dotx.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Overlapped.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\manifest.xml.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\DESIGNER.ONE.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9733a31fa534a8364c9550e8c523d540_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
82KB

MD5
b438c915c51c93786472d0c391904319

SHA1
4fd0b0f9e0b16a3f0d252157ace828cf05a56261

SHA256
524daf53039d3690e3558c7ceab647fd71d13797427ec13a13e5bfcc9d132451

SHA512
316f9beaf971f0834e820368a2242799b625c55984482ff1670f54fa6df48f4522e278fdc51ae3e9d40825a63706507a0c8380972fddf27bf23a9250a1ec7435

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
181KB

MD5
d853821e6d74f3f6338f158ee3f7f900

SHA1
ac86f3e3e16c2e12723b1d860ff060b2a59a6d00

SHA256
02cd5eb601a5824a7fd64551e7f5cc7c8ae0ad303f2e4bafa489633381043bf5

SHA512
557c7114f5fdddc73e25cf28df515e72c09f04b7c560cc0778a70e82cd571efa58e22d69419fe98c2d589306bf475e7072acfd02446d68e5c84aa6260252d7a9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads