ebaa39d6302ff44842922d549e73ad63df46d5bb2a0620443c71eb29782b5f3f

General

Target

5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
Size

88KB
MD5

5ee25492defc9c1eaedf2773c5367160
SHA1

5bc33e732b038fcbfd499bf2e03ca640ccf04525
SHA256

ebaa39d6302ff44842922d549e73ad63df46d5bb2a0620443c71eb29782b5f3f
SHA512

fdf5004a44cb51ca7f5c1d07f88212ad64808946e86a0b9fd6a39ddf9fac4f86d453142154881f6a065de914a604b531f4be79a8baeef839892e87bcc90c67fa
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2vgvGRvGe:6e7WpMaxeb0CYJ97lEYNR73e+eKZJvG/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5043) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-pl.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHMAIN.DLL.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClient.resources.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ppd.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellLayoutModel.bin.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL120.XML.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ee25492defc9c1eaedf2773c5367160_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
88KB

MD5
512dc17315668586d8b02f50eb5ea310

SHA1
ba8d836740b154877f51a7a9d8121dfbf901b941

SHA256
6d105ac3b48282811a3b377fb6b9be90460fa874b9b5502ed7979faecd216f0f

SHA512
8c5999cc16c5af615fba98aa017d701ad1da1f778b752d1dcc26658144fea398d359015327a264ef98333043316654f003a812b048d5d501aafce34c3ddc457c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe
Filesize
187KB

MD5
51d0e37e10ba604e1f33949bf20f59c4

SHA1
943f08cc3c89bbfa7a3d32d7b9e5bede16d170ae

SHA256
8c578bcb85cb72054fd35accd0fcf0a1624b9927a68a13d5c52cfbe64f3878fb

SHA512
4a3b2ef7fec93216192cb970f572ef4701e1376d537720383534b85c47b77f00a320de9afc02044df36c14ce33472cf1995a792c25d0f7468c73800f912b1b63

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads