839288449f468739ee0d51fc0dc6083e76b786c483a7840e967b36343045a353

General

Target

13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
Size

93KB
MD5

13a18e505b94100b2b0c0045ab800b30
SHA1

5128367252a24995722e4152cb5fa656c1467bbe
SHA256

839288449f468739ee0d51fc0dc6083e76b786c483a7840e967b36343045a353
SHA512

ab4d78248846ad0043ebf2b9c2ddc0bdcfd1377565f2125fe00c5ac35a2ca1ebd422f9324e68e1e0c3f294c8781cde66d44bed357ed038d9c52634ff9637390f
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhJ:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsg

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4852) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Extensions.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsBase.resources.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-180.png.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN096.XML.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\el.pak.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp	13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\13a18e505b94100b2b0c0045ab800b30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp
Filesize
93KB

MD5
f9fb6454544fb7c4ab247db126bf9443

SHA1
18630b08bfba8df0454e94985007498d3d9fe5ac

SHA256
4c7bcd569e2b5b11c5eb144706a6e53dfbbccd3e41a21b4470f1e539f1388406

SHA512
4b03e5a506ab93e28e4bac887fd4708b16356b747fbda07bb6fa258c0cb10c459eb0dcb826413ca996d0835f84cb4cd6be990ace148d42e71bfe8516d180ddae

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
192KB

MD5
82f481fb5ffbaaf4d4a5647b38bcd5ef

SHA1
39523271cf90439ce0356b200788a74b26ba1c0b

SHA256
5b87aa2362f67592fa21871dc9fb2cacf0ce1c2bfd678aec6d53ff9d56046be6

SHA512
b32cc27cfd8094dfe6f285bcf5143820c5ecc4896624db56dbf74f2243e4826a6a7707c5ce5ea9221343c21ea187919d17b0aa7f4edd9e67979ded7beb255b04

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads