433d9471d164433aecb85c61e35862832641d9a914221195ef2a9d51764b8e8a

General

Target

7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
Size

93KB
MD5

7690a8109fd6ea316ce8833953a938d0
SHA1

96237d110f70da15e389e8b55fd7fc7a908cedc9
SHA256

433d9471d164433aecb85c61e35862832641d9a914221195ef2a9d51764b8e8a
SHA512

8378c550b89fee6e1d5200dfca794569e3a698fb30b11bde0f1232471021158c860795470acab51b7ee4a0c3dbd02a51e854b915c40c9628f9c31c905abeab45
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNzyOoyOo:6rWpcOPxPke+e3fFpsJOfFpsJbgExEo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5014) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClient.resources.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\DebugShow.xls.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\FileSystemMetadata.xml.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ValueTuple.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.White.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp	7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7690a8109fd6ea316ce8833953a938d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
94KB

MD5
226d03f1823f568c9d293a936fd18c72

SHA1
505c185f3719dd208ec8e7f71f920ee070a1a083

SHA256
2b98e48fb0d0d82481be4b2d517190c6b81cef0a2fbaef96b83de33ed655892e

SHA512
1f8a38f510c1b181105e84a651a4280a5652b395b7c8aace01e489195176b92fcd2b191fbd06ce5aeb2c878b31c5ed4877a4dae3f2ed026719c5200b7022b156

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
193KB

MD5
dd78c88ea7cbfb1dab3124a76cd9aeed

SHA1
16b46568e629137a3fc7e2137c5b9451df8ebe7f

SHA256
c0257e90c0b3255f41c46742f0a9c88a6b168a2bcd8c297ae2382d3fe481e70d

SHA512
8176048bd6c0b51a3d1afc301fc7de7954845862840f3778ac65a7e50cd773bcc50d23d11c2d119ca35e2b4a7864cc1022557c68698e93a60ba3fb98c4e14ed2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads