14c589286a4d0913c0400c5101d115ba580eb238d4bfc67dae17b101977ab12d

General

Target

9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
Size

74KB
MD5

9378df256e769f2b4d3489e516657c60
SHA1

51cf559635a58fcb42af03bf16142b5015a71507
SHA256

14c589286a4d0913c0400c5101d115ba580eb238d4bfc67dae17b101977ab12d
SHA512

6bd36a0bbe1e3112eca17de6a0bae69f7da915820c73d9fae2f53861d41164c0d1c5644563116aa3a9bdca9766a424cafe9cae23bb1f236e690a50c31c13eb4a
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ9:69WpQE0zq

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5165) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.boot.tree.dat.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationProvider.resources.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.resources.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsFormsIntegration.resources.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.png.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\instrument.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Resources.pri.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp	9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9378df256e769f2b4d3489e516657c60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
74KB

MD5
ff14e1f4a7d1ca7312fd3154fd897479

SHA1
d26ef56cc903780d03a22788e0983d78378f1a9f

SHA256
991cc83bce3fe5d749c0a9d301d419d5dfab2e733e58dd17fc503ac9d2074a1b

SHA512
a1892622d38576ba482cb86c04d2cfe352d18250e0f48ec2ed6c06f0aba4fca6ab3d1503f2d9a78546288c3abb9363a6015e38e0dea9018181fb9cafd3865510

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
173KB

MD5
7c01143ded84403cc2a238a14cd10193

SHA1
3d115f72deb1b9f6288ac2f555dd064bbf721397

SHA256
75930eabb4c0b7701a3b7c959485107062a6c676f6188de7b9748648b0dfe97e

SHA512
6ae3620cb9207ffa3a6c38d70b7f1fc229bec51a8113fb02ab72d3bb0a43d82d21271fc70c7c2e8ec5a565c5dac897d3462ecf12403c5071959d0aebb4f7b369

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads