a502f4d4daf1f8a5622842445e66904896aaa3d9a632a099ab0553211a5617ee

General

Target

71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
Size

73KB
MD5

71fa0d00fdce547e738bf45e1e5b1e70
SHA1

e6440866cf7de4f83a923d3cccbd203fcc3a0492
SHA256

a502f4d4daf1f8a5622842445e66904896aaa3d9a632a099ab0553211a5617ee
SHA512

929c093aa5ab37171c4b4acc8897c44533705fbb72f3ebf51613965b8036664a636284b48d418e9e0d84292c102f8df4720f26c9526a32b91e154cbbdc473cda
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJw:W7Z9pApQESOHepOHe8G+6E65TGA3v4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5039) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\meta-index.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.X509Certificates.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART8.BDR.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationFramework.resources.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp	71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\71fa0d00fdce547e738bf45e1e5b1e70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
73KB

MD5
d33b75b0b8cfce6d57915f295589a8b5

SHA1
4a6260f99f18ce6257a9c264e9135a406bdcc1d1

SHA256
b0ac0a2bab4cf1f4b9872f709599c4b4d1263f96797d5a7cfb713238898f59c6

SHA512
8ff3a780b24a686d23ae0b9b06ab41e0efdfaea215841bb172ff1c45b685497fb42ddfd4b2035a3456c90527aaa5183b4f6ed7d94ff7aee74a44b50e3ab4dde8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
172KB

MD5
9be55e1a112e179fe624ddb12933a709

SHA1
0bca2158123cf0daee28c67d27cb2047d317c982

SHA256
bfba6387f9b124c2f05a8dc698a95e850963ae38adb8b11538a14053188dfd97

SHA512
ddf98281e597ca1ed0aef4172122121efb9729760a25302168691b89544a53426a96fa0934be365de36e9305f1ed1d7df05aacd5484a5b8f8244f97916d6e69c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads