668f3813d636f84d437f7ad256f0782b9207d717cf44c014c8e1181ed041175a

General

Target

7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
Size

85KB
MD5

7a793ccdb6ee7b3b73c61fd81a57a370
SHA1

b96f565591f216c5329cdc06b0b5ac9524b8e8ce
SHA256

668f3813d636f84d437f7ad256f0782b9207d717cf44c014c8e1181ed041175a
SHA512

021f9d2dba0c449ea31ce307c3ff9675f011bd6ca1b1f12bd82ee825cd1972d4f296756837be13d80992ba2e7dd67520f1ec82b7d384cdf68786eecf02f572b9
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaA:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5042) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemDrawing.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.White.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSQRY32.CHM.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\msipc.dll.mui.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XML.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.LEX.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\msipc.dll.mui.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-oob.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp	7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7a793ccdb6ee7b3b73c61fd81a57a370_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
85KB

MD5
a9ba74e73466035b8c3225f313b44a57

SHA1
a5fc72a2ab51fa4902dc4345a6b4343db5c64de6

SHA256
8cbb66a5ef2f7b25b21a523ef91489677a0dc8ab9673e9c403f7ea514823b4ca

SHA512
eb04afb3609b3cbe99c9615c36ad4977c6fa327196c2f0f9d623d148ec0e0b8eeb33f8cff91d37a286e0f1d60b391474a30d47fd8c1850b1a85ce3f7329f78e0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
184KB

MD5
8a375f2c680e076bdfdc7a45f51dd1d8

SHA1
b471dd09867f573ac2ee4edcefd9311c654f0511

SHA256
1a46b9c516902c4753ff2fa45629e97b0667fcc8a8a8b25f720c373291a2ea6b

SHA512
97d0ac58c5b6c2417c942e4d8c0b59dc5e47a90cb7f5269f75b3fd4cea4d456f58de1d642753fa7f9337f1d59698e8be5914f0ffd7f6173de2344214dd17577c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads