7b4daf97416ff66cf6b5b2bbd1e2e63e177fa2fb070ddf1ddfc5391d455c7a46

General

Target

8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
Size

82KB
MD5

8222e8c2952df906e16a601ac2e5e460
SHA1

36a0ab3c0bbb7c88e9ea456dd359baf52357916c
SHA256

7b4daf97416ff66cf6b5b2bbd1e2e63e177fa2fb070ddf1ddfc5391d455c7a46
SHA512

cc8b3770013b9374c64b3963eededf11eaea6f53ff5f4c302a3fa8ad3d7f044c2b4ba0cbf2a0e7b653f08a0d1fe36dd937e3c5915d8708c9d4b879e708afb414
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/vL:69WpQE0zg

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5023) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE.POTX.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre8\lib\deployment.config.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN044.XML.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ja.pak.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\110.0.5481.104.manifest.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es.pak.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8222e8c2952df906e16a601ac2e5e460_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp
Filesize
82KB

MD5
8faa47d550ecef7b567eb347605c5d2c

SHA1
9c251eb3e48a437b5364e9e6ee9335766c747920

SHA256
d8ee698f9a20afe5360f868061a1f8d386f18203b89c6373fdce5a71b75732b0

SHA512
26576d84f536fbd2695c0cda814bfb475a941104647ba63a451c70cd8dec80759c7ff6d73ebfab4aa039925091f3af23ff1a15328129d5a933fe5bf190d5ad43

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
181KB

MD5
1e71aef986e9a5534220f7b7ed3dd5ed

SHA1
6e1d972134c8233996948115d617cd242795ad53

SHA256
d646dd2999e46c39901d0c12487ab9846d5c04ce7490d9c3ed2e41b9a7220a33

SHA512
dee42c01246502e3211d0f5848e1fe774eb5eefc107142bcd3e7f723657c85985a2f2556b89fb208c5e0508c606e76c30dad822144235470ee2f326539d2b6e5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads