39164f0ad6409acda21723bb097a98e1fc5a5ff8786b83feedcc599730ad2000

General

Target

7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
Size

75KB
MD5

7119f140994a67cd515550d20fa9ab80
SHA1

33068edf25a727aaf72c6147c4da172d02972c57
SHA256

39164f0ad6409acda21723bb097a98e1fc5a5ff8786b83feedcc599730ad2000
SHA512

e54863c6f1ea63eb5b39895d29181d90353d8a5efff8671fb636946bfc929dc5bcb9615a842430c6a39f25af8587dc72e30422f09fb1530d875ad6fa8fe46b3b
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/U4:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDc/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5026) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.White.png.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\coreclr.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000C.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7119f140994a67cd515550d20fa9ab80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
75KB

MD5
d1f51bcae88fe763e0a7f10a2bc61fb6

SHA1
858acd5663ad156d41f04f828472939519df2ecf

SHA256
b49dba448bdc561b85526ebfe393aa77cf189b42f653ba6fa27ae3ce472533ca

SHA512
0eccf00920b2e66fd6cd2a56a391b42497f202abc73cd81d581aca41df184786894881f75b9baec2e2ec4cc97ceda89667f4807681ecf979b3b36753b9d04fca

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
174KB

MD5
9df529316dbcb61d03bfb8e2a863e88f

SHA1
8460261677eaddaa712e378a06efa2984cc05dd9

SHA256
ee8711ac3c780e6d59d1598cac476c4a30d008cf26aa6edd55d8bd53cb19fcf3

SHA512
4ae953a1c1d399227afb3659f5b4fd3e782390782f1741edd51004f2070181585ac9470862f1f7d9c5f94f86b039fe92460841cce58e76e2853f1de918c0a8da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads