622662292eba18c268f05592332e66423566f6ff037df858927434bca52a540d

General

Target

6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
Size

82KB
MD5

6b0749fbb7f30f842e264fa555e336c0
SHA1

63709c82598ad8a15411a080144f57a5e9e70984
SHA256

622662292eba18c268f05592332e66423566f6ff037df858927434bca52a540d
SHA512

912faf4daf0160d62b7ddf019c612a07dae39c090b08d4083483d5ff726c7c2c5ed38449d50dcd644f8dd116c9f2b318f405f2ee4fbeac375559e01f928f62f2
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lD3q5q+:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDaH

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5036) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fi.pak.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMB.TTF.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\resources.pak.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp	6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b0749fbb7f30f842e264fa555e336c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
82KB

MD5
db672f8272c59ee368dc90a1eeb0a87b

SHA1
abd0f0e851dc948a41fc61b93e1c9c8545b72c10

SHA256
a15af1dbf1ec789e4686451d24843724fc676e4eb4187ccd4b017426233fa9bb

SHA512
445b6d7c7866e38a19b4527b658d0fa05a60204300e98bb9375a63adcdf3616df21a85ac7dcda73bd34cb30ceb42fed1916de42df1c9ef3dde6d0b59f1d9b4a9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
181KB

MD5
c5b7a656b6071fd1474795895acd1712

SHA1
62bc1abeaaca0ae8c1d1fd4934371da16d3218c5

SHA256
41c12c98986b896e80feffa108cbfc178ff90aa93e05aa9d571ad91e707efb5a

SHA512
d8bcabfc3cd6949d94794cab06573ea1f2331ccc5d49fab9f3f45116f4d6dbca4f15181c645e0258bc44a7ee7e92212aa84bd1796bcf34bceb8889494b24a17a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads