2880606c9baaca625869e6151c1945c096b468d4aa19e835eafcd590a6352658

General

Target

69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
Size

74KB
MD5

69ec86a704772fe48cf75c223bd50820
SHA1

c8fe5cae3718070ad922f95dc7cbba6216431a5e
SHA256

2880606c9baaca625869e6151c1945c096b468d4aa19e835eafcd590a6352658
SHA512

e64bf4d6b9649297dcd22031475a90ad5c64cd6776623d897540ebc0ec25e6db60afff2b9ab1970c9c6cad46b333e165faad9d320ce84386bf8c5a0fe336a7d8
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJD:W7Z9pApQESOHepOHe8G+6E65TGA3vb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5027) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.js.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SEQCHK10.DLL.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\strings.resjson.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.png.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationTypes.resources.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\catalog.json.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Xaml.resources.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp	69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\69ec86a704772fe48cf75c223bd50820_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
74KB

MD5
b80ad5785e0daab1a80b278518c2d92d

SHA1
7b50543935c76c8dbcb4bb5b198e1c71caacb797

SHA256
c05e03ff86545a4efbcb2357a19b45dff20fe3439d0e35a66ebaa1e996ceaa01

SHA512
9fca2087dfb53241e8641a5e987f225b0e1661811074a10e4b064430146a9a475f39761d590a1adc908f866a2ae15655ca24534d548facb08810c519aea2d686

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
173KB

MD5
7216b5e6f732f77110416b0096df0431

SHA1
d65361d25b560c5843c3a564849413811a1f1621

SHA256
333de2f3d1a57d0b3cf9e8bad91de45e3fd90ae5b3e7bad1c55ddfc0fb316f1b

SHA512
4c676a805c5d59feae3e3a124cc76766140fd3293a3c26c90c89c60967b2009b20d24e08ac7f6dba49fe9e09255cfdc2b818a93bc77086cb865ee331ccda1bc8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads