9acaf6a1f2c2568a47b347df019175a4e2683310d5fa347bdae96de835fb8327

General

Target

8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
Size

83KB
MD5

8d31a2a89c3c0f145b03a4ccdd80f290
SHA1

a9e7a8f222b81d792f6551ca98149e927917a0c1
SHA256

9acaf6a1f2c2568a47b347df019175a4e2683310d5fa347bdae96de835fb8327
SHA512

07a0b48d3fcb5920fe10f73aaea5394e7d04ed7b1278b058bd504e89c66885a4d42bef700cd21c2a74bcd8de9bd065c46b261368f3a811815fce59879da1acad
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/vsnRnh:69WpQE0zrNh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5154) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Numerics.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.GrayF.png.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.tree.dat.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WordCombinedFloatieModel.bin.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul-oob.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointPortalSite.ico.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\net.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.resources.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8d31a2a89c3c0f145b03a4ccdd80f290_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp
Filesize
83KB

MD5
96f17db7d5a28bc09411061d20dfd814

SHA1
30190f4975c42965850183fd96caa08a41a8071b

SHA256
8ec4ef1b045376004b57aac551ee04c204cc0a44b2eaec66c5aeb586984242ea

SHA512
5b9227ce621f828c7fbe74ed6f80be2bf0eab5387b068eb0cfcf3bb192e967ebd6b56105dcf206d141a3d6b6a2132d3797424839af9c194581e76fccfc90baed

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe
Filesize
182KB

MD5
5f99bf46160a79f909bb962792427c5d

SHA1
9c2637dd78898b4fbc9179c29459df0d2fccbc53

SHA256
4de8ea1af756a5346708f7144dc47973836123ce3f4db17139f80fadc981ba4f

SHA512
833a33fcf5aa5b3e56f662a31ec3445bf706fe48c538c9f46848f3bec6b70a6d58f670ed10e56414881c4a7abd91e3f1944b887703a981d1614027837a36cf64

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads