b310d326ace79d827c1a1399c3e5f5d0841467417a12843d3102a32b49e35e31

General

Target

79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
Size

51KB
MD5

79577309e33797f38085269b2fc00bd0
SHA1

fbc150475bd06fda587c9b6a75abec3363bd8af5
SHA256

b310d326ace79d827c1a1399c3e5f5d0841467417a12843d3102a32b49e35e31
SHA512

5c8bab1f92ebc98e58b720dd9c78c89539d27be3d815ef88a6106ce86b59a4a60990dc20e070c6aeecbb4616ab904fede7f86764f06fa2374b3d3c8008dc89bc
SSDEEP

768:W7BlpNLpARFbhnlkYlkE/QhnKhnFqqgf2qqgfN:W7ZNLpApuZlZKZgfffN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5251) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.boot.tree.dat.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICBI.TTF.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VCCORLIB140_APP.DLL.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPCORE.DLL.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGI.TTF.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Parallel.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp	79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\79577309e33797f38085269b2fc00bd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
51KB

MD5
d25d716061bdf367f0a461d31a2084f6

SHA1
46da52a39b254cc85d96730b41e77fddad1031b0

SHA256
771f46d1c55228f2488350b8a436e9161a70afc2da951811ddde99a0106991a0

SHA512
3ffd0b1830c537b4fd31347cab38e00f4090c912ad94758c124f3f35af4f225aa689cced3024c417fd88a62734c7d020c82db3ac1ac34719a571e5232d023787

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
150KB

MD5
d23d1de55934f2aed6b9e21997cfc336

SHA1
c81a4d40577593510e9d31d69175845c7d283bb1

SHA256
2bc4d9d88a602d34df62a14ba46fe3dd3aac21a7d1d7273fbf54977130bb2668

SHA512
8f9872544a00f6c915d117b04965735e7748c895b921b453778d5b7e5d0c82e586e716177594f0bcfd3908279595246c2cb6385ce9281d9c35d5a9b2265e6bf6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads