b694cebacf2bdff6169741f530efa05ae4042c23da513c7fb49d4aab7c2020ff

General

Target

099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
Size

80KB
MD5

099bcbb281528eefa00b4dbfdd8b9cd0
SHA1

72c287fa4d0b77ea9b52f99094a89428f84ef74f
SHA256

b694cebacf2bdff6169741f530efa05ae4042c23da513c7fb49d4aab7c2020ff
SHA512

5d01ca118c6a96f873eee2e42ca071a4bab3e6c207f31787b5695ef4e15da8700a98f1e7e8d54b788f0783bd04507df34bf4816a7f9aba615c1afc7929515b6a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eXgTg2:6e7WpMaxeb0CYJ97lEYNR73e+eXgTg2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5053) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationCore.resources.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\YEAR.XSL.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sk.pak.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\el.pak.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ja.pak.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BHOINTL.DLL.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp	099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\099bcbb281528eefa00b4dbfdd8b9cd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp
Filesize
81KB

MD5
d7a71cad307c1ac402c7224d03ebea9c

SHA1
0efdeb45b59b2f6e9ac24cdfa33b4080c25077bb

SHA256
2aa55f0ea4405ee7fd848a673f6ef2763db55e28ed773d2b81df216b81ba9901

SHA512
eb658fd55f22908f997d2ef74ce31a49093a03c9f3a6008ca3d784085f85089a47375c84e93667d8271376decc6329362c2ca78476e41d111130757db0ad2cad

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
179KB

MD5
1b5c4afaa72721cc58a9f443d4034605

SHA1
be8d9357f30d396871117cb96831f2b8d65a2e94

SHA256
56a2697923784771cf8c77281e65d6737d4403034b40fd4ace43f4d1b059ad57

SHA512
2ae3b24fc64b7a767b09608cc5b04224a7899b6051fb7d385a8c65155981ac441f5e3826f82f59466cb67f560823738fe08f61d6dacad14ccad4338745439aac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads