d9446157ba3061e9ac84bec80af18e90c3712e6f1cfa7a7487482aef7fe09797

General

Target

68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
Size

129KB
MD5

68cc240d066d926b969094d49b9f97c0
SHA1

cb3870f2e3564705ba4b50c66b65d4c4c2a71893
SHA256

d9446157ba3061e9ac84bec80af18e90c3712e6f1cfa7a7487482aef7fe09797
SHA512

94d16cfecde162905f20b44f79b974956218b682d8ade1af8edc17f7787c848f998e0d1a90bab351282e8730e07017441848ac8d2a341c405c2795b284feaffb
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOe:/7ZQpApUsKiXBvzwvzXJvlwJvlw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4836) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN096.XML.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hu.pak.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690Nmerical.XSL.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationCore.resources.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_ES.LEX.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceProcess.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\110.0.5481.104.manifest.tmp	68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\68cc240d066d926b969094d49b9f97c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
129KB

MD5
cc9bd573db12238759657b36fc08f4d7

SHA1
95787300ebdf00665114955563c2641af2ccb0b6

SHA256
cddb7eed1f7110290f2597c0aff56683642d84618e4db5b06981aa00d94908bb

SHA512
8a22c4ee925532531bd7859dc4464a953942207a7d329fabbe3a55ecba599e978b74226238ffff2c22bd7fce9c73f041093e42e2a019709078edcf090e5f7a02

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
228KB

MD5
3fd20a53160903eeb6b1954729319466

SHA1
5385ef901d4773f98abe02d5e09b7b906664094e

SHA256
b1e71a0694434ce1b6186a31062a22215df0dc6d51d5ff04045b17ccd5646fea

SHA512
7f8cdc493983016ef038aa5b638686d9debcfe239e0bae4919bf4dd770f405ea14b2604dd10d8129954bc0ad132c32f4e9ec301873bcc26090307be5d38cff2f

Download Submit
memory/1084-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1084-1778-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads