5a4ff810da10adacd1e3857134ebb0e733e19ca025560e24c11bd7cb1fa1d401

General

Target

6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
Size

84KB
MD5

6be55e4c02e838cd28437b5591eabe20
SHA1

5deeacd3fe88f4c40cd054d46145f8539702ba3b
SHA256

5a4ff810da10adacd1e3857134ebb0e733e19ca025560e24c11bd7cb1fa1d401
SHA512

60ceb54aebbbeb6e12fa67e61e9b2d0d59a6a3d6a0c3513b79588381a1c4f6869862461ddecac5f46f65b78ccf5c9114868c351ebe01e8fd87c5ede9d3b1cdce
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lDa2I:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDaZ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5028) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fil.pak.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\upe.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\MSFT.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Input.Manipulations.resources.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\pack200.exe.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6be55e4c02e838cd28437b5591eabe20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
84KB

MD5
b39673cd4561ace8063d8bc9b6467f49

SHA1
60504b19d8faff674b53d0d0cde2c2240ddc6dc3

SHA256
3f575561632038703b5fd2a3c677c6a92cd0592a11ee999f84892e04aa11b722

SHA512
572e586624e6966e04c3dd9df7d376911a38f1fc69c59f1c3a776eeb9359c5e396020476315b347175871e3e90b7df67fcf680abf6038410d4f0c08d4e412f98

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
183KB

MD5
072dc16355459c67f092659040d81903

SHA1
781491fda1d55bafd9e54f4df393deced35c27f7

SHA256
cc8031b78141a391ef911ba33dd056a1fc0cac28261c45ff7609d9c1518e0aa3

SHA512
03504f910d2822f9d1d0ffac106d80c91d73571c2e91d94d45bf55698ef9bcfc227fa8c08d4134e547aeb53c1929be9f7edbbe428b5d1d2ddb4d43d7afe87dc2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads