71a564d7fff24dee6e1cb4b93b575f4dfa4b6571d69e0956537f4da24ce92f02

General

Target

5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
Size

78KB
MD5

5e2e08a03b8a0486c9435c1016249550
SHA1

69863cb0f185f4a8f76af66878846a4271acca6e
SHA256

71a564d7fff24dee6e1cb4b93b575f4dfa4b6571d69e0956537f4da24ce92f02
SHA512

ab480b245819fd0e67b59106ce2efc714011fb52f08c875598d379680bcd23699d4ac7a03098171519d3f45db0e0b8948d7cd53946946f92aaae6b640589977e
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/UI:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5091) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WebView2Loader.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.tree.dat.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_iio.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Input.Manipulations.resources.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.cat.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXmlLinq.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.White.png.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.tmp	5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5e2e08a03b8a0486c9435c1016249550_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
78KB

MD5
76257b3cc90ae42a25a21baf1b00f07d

SHA1
7ada6f5ca2801196c92bf17f729118696c538b7f

SHA256
cf3ee1a01ca1c72dedfec0ef349fcda3f630d8cbc4c6b828fc9a4ed07bed05ec

SHA512
7e1854c16800f22e1e7161e5e06f206eaf35ddc202871a529ab2879b191eda46b4cb3d25a14545237e7c801adc5071b724f1f185bfd113bda1bfd950bdbd8f8d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
177KB

MD5
c6892bc23f8fd7725ece1b25381ac5da

SHA1
6c1c4e295169d2300dba781414d12be41b4b759d

SHA256
ab5c3e89f498ba64bf39e6feae3127cc8ce0bf4ef94044f95573fe57c3f4f166

SHA512
9ef3757f93b7586ff74da23741e0b451928ddf95150842e606eb3d22837204bd3257191f328ecba8ec0cc6df384ec15b3bd075923a69acacffb43b4e65e6ce2f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads