88e826ede0ba909deb169680de211eb57b0a38fb5dd527c0135d4e3546d5464a

General

Target

ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
Size

71KB
MD5

ea2420c096f01643cb9102ec9d31b8a0
SHA1

a5e197bf801fc93b010195ac82fe1dc30ec56df9
SHA256

88e826ede0ba909deb169680de211eb57b0a38fb5dd527c0135d4e3546d5464a
SHA512

87abb9a298f6ea617b9003cd465625a98e721f83a03a5299d1e69bb6070aaa05071613f0b3c2566692e954d7f33fff7a18b6ccdb0b375ca5628729801014c372
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/UE:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5200) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\MSIPCEvents.man.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.boot.tree.dat.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.tmp	ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ea2420c096f01643cb9102ec9d31b8a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
71KB

MD5
80039907616f7a05d4fc5d632efbfa70

SHA1
279cd34732dfbc158883e1e9d982b68d3a422bbc

SHA256
771567e6a4827b47460933d110111dd0cc749ccc379b19687b422d8b5ea3adbc

SHA512
9ec29182b6aa76e4a3e1104138bc90d868a1bbee9ba075b530def7ea556ebdb3e4121711e9220b73696ffd786a8323bde2b14298d6a26ee504f4b70d6fe66897

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
170KB

MD5
278d8ad7913b4a6203ec1762c38701a4

SHA1
1b8603362a54519a3739d301998ced643b9152f0

SHA256
32178cef979bff66a4d74a4dc41508a917f856de7a51712ee7e04288458677b6

SHA512
fb6917691f96fe18ac8d1dc7d694cc973a65cda49f5d661645929b1930fdff66ea4a86106086de55e6671d090ec0fee17da2d71a6eac357acd8a0d61ab0d74a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads