aa2cfbd1dfa3235a45e245bfc899b78020147363f8b3ee928119b6facca0a149

General

Target

f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
Size

84KB
MD5

f06a0b06094bb04a9a72359820fe1e90
SHA1

cc596c2366237cc9cb9398e331ff58de427ceadf
SHA256

aa2cfbd1dfa3235a45e245bfc899b78020147363f8b3ee928119b6facca0a149
SHA512

5cfac235751cd65282d75168f31f27d6336155d982049c1f8ed07d846fa87cd88ce1b3b89e923c8aa571e901b221e785d26836f7deeb8284e78c82a130882495
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXa2:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5039) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Parallel.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote.gpd.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ppd.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.tmp	f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\f06a0b06094bb04a9a72359820fe1e90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
84KB

MD5
61f94fed1dc59ceb2c335794e5f14152

SHA1
41912d1a6736b0cde88006401328a357073e841d

SHA256
98758b565b47f4a3dd80e2f1bdd8d75c126e96e6671f9c691455f113760cf71a

SHA512
c27dcf3866fb619ac5b95533d586bd457f4c90c03d105635c7fc42e168420a54df7b9d9d28eff260fafc146cd60f6be8048c276ab2c43bbfb585fe2dfe8bf7e1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
183KB

MD5
0a4178d899116715df2327ec2f0c41e0

SHA1
2ba904439e7da371f00ac20da6baef8de1ed673c

SHA256
da28a429ad0a4e3d87e7f344907ea6867840663b395e6b6d1c77c51e1fb0eebc

SHA512
b089839199e35315189f26c8d2896b09f3dabcbefbf3bb80ab85e298c4711aff030f6da2c941c138d6a28d22164c887fd2afc3a3b8b8a2c5ad73a20f17b17ed6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads