884947e49ec90cbb68e6f130dbc7c66db080f5ba735e077c758c6a21c8344601

General

Target

6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
Size

71KB
MD5

6565613aa990abeb5df6c5c83591a100
SHA1

3ce8225de79c0682481eaed36759564c6c031433
SHA256

884947e49ec90cbb68e6f130dbc7c66db080f5ba735e077c758c6a21c8344601
SHA512

a2b389521d1c239058b53e816b67a8df2bc1cc8be9cb76a3b1f6b535f33101c49bf16a1a95f260001d1dc27d24a051d0222c4916d72cfa54297cda69cfaee886
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/U9:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDca

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5039) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\CompressMount.rtf.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bn.pak.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-140.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationFramework.resources.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-pl.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.resources.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nb.pak.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\ConnectUpdate.iso.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.IO.Packaging.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp	6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6565613aa990abeb5df6c5c83591a100_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp
Filesize
71KB

MD5
aa7ec968ecc45350527054a61c6ed7c3

SHA1
8e176da134414b5343d86c2e51a450e4e8ea7df3

SHA256
45ff453653b32de024cbc743987d9c3acb12d2cc666e70c89a6029b97890ca2f

SHA512
4f403b8dfac2d3d0a71b914a2d5cc67525b0d78321fab3c13f87292639f93f09024c2849f9c1378679ce9dedbb3f9b7bbcf02662452f949d0032c1e86da88479

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
170KB

MD5
ebf59ab199cec61f11c70ccd392819be

SHA1
7184623ecdb79c321ce40304ca850c760b858ded

SHA256
c0eb31546743bbf153c7d2da0e7362d40ff5d9d7e546a4b84754cf57c3b73e30

SHA512
4fbf781e63dc55ceaa4699e5ed3a89c8f0522a5d5370cba0b331572338e005042119abd91d5967d758856716999e8b54a596bda90a40ac9b6518ae6d4af72219

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads