4b859c5e149c9671d323108513acdc9192f527afe13528aa8cd7e8985025c5ee

General

Target

7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
Size

93KB
MD5

7eb9c5b6772fe2271b0928037ccb6930
SHA1

a750f23e63fceda5bc33fb9183a844030fe64086
SHA256

4b859c5e149c9671d323108513acdc9192f527afe13528aa8cd7e8985025c5ee
SHA512

8afd61583cb5f41c7a0953cb7e11ad0ce7ff6a138a918ede7a7259dc77e8d2093ee0222787173e8c82651bfc1d01160e0983dc750c2d4b0bf155e791fd36753c
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNe0A0J:6rWpcOPxPke+e3fFpsJOfFpsJbgEU0A+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5051) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.DataAnnotations.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationCore.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7eb9c5b6772fe2271b0928037ccb6930_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
94KB

MD5
539595eb9ebcbc46b2fce3f308797731

SHA1
f5ae1558a1b8edf4d7169b9deea47e3c6ca4e763

SHA256
01c3b5f122c9f1746d49fcd650506bcfb08be33a652727439575d74227cfe908

SHA512
eac800c05076acffe7c7915db34d7de8b902a3b9e290705d3a781436dec315561de4a58d6515179f58736d28698dd83e32d0d2a0f5fc2e2a57729993e16aca7b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
192KB

MD5
0b950ebac833bdfb064d37251ee89007

SHA1
65452053a4f1ed1c7b6613b8418a80628b64a896

SHA256
8f1e81e1998906e3a22528a5db74fa4ef78addf05096c73646de53eb65782204

SHA512
b7e872dddf3252cf0d6698680876e86454ff6c4a0c59f5577777e3a168aa503de98fb0f671c313c8e526aa935a1298ed94e9a8d3997f9a39059fb045f938cab3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads