a8e976f696eeba4315085b439b07b596a3a7f33dc854d4546921094927b425a8

General

Target

fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
Size

78KB
MD5

fb67f14c0a25d5a7b91d894380d1d020
SHA1

ab496aa118a04133d341799cbccdceaf0d4c89c9
SHA256

a8e976f696eeba4315085b439b07b596a3a7f33dc854d4546921094927b425a8
SHA512

2bc1a7807823fcb3c6b455df7daca3ec80e3e3231f80c04f947c6dc452cfc406f1a0a85a9444b4faf417bf93b51d05f477f1b21ad12be112fbb3013b326169d4
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhY:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5120) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\InitializeUpdate.hta.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ul-oob.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.tree.dat.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe.manifest.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSQRY32.CHM.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\default.jfc.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es.pak.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsBase.resources.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\fb67f14c0a25d5a7b91d894380d1d020_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
79KB

MD5
a821fea0c2c84acc6073aa77941b3e98

SHA1
f5b0df60f4b99f926f8be5cf233f2ed61ec7da28

SHA256
c9b77c3739c4d81602be54384bd0b47f624182f597edf210a361218a6c74f4bd

SHA512
0a78dad8d401183e5652df11521091e56d7a0a3ebbf492934bebcc03164ad93199e749de94a045cf4bc4569af4c6b092e7c36d8218dfcf5da789b585189c8123

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
178KB

MD5
7ea320ba3a60ab2faeca154f53478ce3

SHA1
20c86ef832b4dab4d875b076e23b39ed4124b94c

SHA256
15a858c31a7b07c427b092edcf531a1e18f11ed6b017e8d3e17206fdfbac4aeb

SHA512
629b849c792f4f4112ca5dc8046fd138ee9a0fbf4a3c298838fb57a1740ddb1794bb72b7c28da81930f8501ba5d8707361c6f80c133d9a8de665cefcd5bf9481

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads