c0d26c4cae574cc0ee50946a651a8140a9fafd1671e1908659daf08200be42f0

General

Target

44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
Size

89KB
MD5

44b33aed751eed717fd1cfdf362ba1b0
SHA1

b1018eed81e7356597312c5eaa7e046c80d758ae
SHA256

c0d26c4cae574cc0ee50946a651a8140a9fafd1671e1908659daf08200be42f0
SHA512

6ccbbd9cfd2849c33a8f2ca4dd91a4210fba4454d868e87799b888b1b038ba22e034648316d1300d831c9c5f1023780ee9301e3be7b283e806bc86cc7fc38cc0
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhd:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsI

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4844) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ppd.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoDev.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBPROXY.DLL.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\GetOptimize.eprtx.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp	44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\44b33aed751eed717fd1cfdf362ba1b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
Filesize
89KB

MD5
5b187497520fd8062c9ddd55b6bb8e14

SHA1
e6113780a80278b2f361fa78428319aba0d794e9

SHA256
b2fc690cfd00a0e4c9490920bdc2d7bd714bb5fb2caf4cc5781f93365c9e7c3d

SHA512
3d03dfe85b121fb1baa954a39a9cad25b3d632916cb7b30dbef11aa681f2ecaa0db6ed26ed96b8e82bbe99b769b819d7c2732463fe18a470c36ef0a52f4df352

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
188KB

MD5
aa27f4360bfc3f8f7f97fc1283f7fdb8

SHA1
7c6c249d2d0fc8f16f32ed4e1fdc34971a96eb0f

SHA256
df48a856d4a43313704a36db6ef81f2350fbff2436fc6704ccf10d329b32cbec

SHA512
7b3302bc0b124a7056048c49e928bd02c55a999b02786e185d53f1982f8b6be6456fd5cbcead1a499e7a52039ca6e8b2d239d9027ac17a97856c39f504edee37

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads