dea294589123eb06979124e716b5044ed663bfcbe1ff6f6078321107272b1e81

General

Target

1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
Size

83KB
MD5

1d3d5c6aca754d4bf94994d13b5bb830
SHA1

aa6c1dcd9b1b0c46f862fbe13149fb0fb23113f3
SHA256

dea294589123eb06979124e716b5044ed663bfcbe1ff6f6078321107272b1e81
SHA512

d80f1c7726b1934f22041ceb69550998e5ae94b36ff9c56ced80a78c4d4022dbe6e1b5e7a309a276ed4dbaa8ab7b9f6684d0556b177159f88191d98dad9db155
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhD:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5189) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Xaml.resources.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointTeamSite.ico.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\Blog.dotx.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationUI.resources.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunmscapi.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp	1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1d3d5c6aca754d4bf94994d13b5bb830_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
84KB

MD5
1a7b42c407c00e3138f1dd3bd85a6ba6

SHA1
95ed867e264cb1d6dc0efa6af98b789b95f3c3cc

SHA256
40991fa330f124c3753227fddc8fcc4d97516000f5e31c1fd5391d45329e00e6

SHA512
8c9a09d585d8fafd336adb86b212e731c4bce0991ec5769bed6d9779a7d729eacab2e2ccd63a550f4b74265eab721e2db5e0a29e92cf049a6c62d083c670ae68

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
182KB

MD5
6b34c149c3fffb22c485a3d72a38dbe7

SHA1
be931c439482f2becd6a66f716c70d04a30c8c39

SHA256
ff3bf31d0a0928925bfba6f7c99fbb4b4d5a0b50e87e4b1f924597fd9797a5b0

SHA512
5595ab8ee64ef5ff56a59a20e3b40f9a001ca36cda3102e2ebc88cc86d6ab627742af9c39d5224c25dbea6051f6106b58e600a184f5d9f13015fedac37515a83

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads