36e3e35a02421d8b861bffb6551ec8fecc9f28035a1e5ff187126006e172bc66

General

Target

2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
Size

80KB
MD5

2e630906059c2cc01e4f8cf28b530d10
SHA1

bd906258bb619112903590309dca84ba8d4b700a
SHA256

36e3e35a02421d8b861bffb6551ec8fecc9f28035a1e5ff187126006e172bc66
SHA512

81a8becd4d5f335550c5906d42da2bf69a6f5db8509b7cdb4b5cebdcbde68213c24e129c27363afdfdf7c0bd31d216778ef40a50862963d4027772a0ec0dafd8
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhs:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONLNTCOMLIB.DLL.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VCCORLIB140_APP.DLL.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClient.resources.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO0127.ACL.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.ONENOTE.16.1033.hxn.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2e630906059c2cc01e4f8cf28b530d10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4404,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:8
1⤵
PID:1168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
Filesize
81KB

MD5
daae87d5cd08eaab423a95fde1266cb9

SHA1
c25262e33d5fb1eb7eb088d8a3c581d6644f418c

SHA256
47fe12107d656484165fd6cc5116c8f5cd7fe5445599f03c48dba99cfb1558a6

SHA512
47e3214b60ceb256e9f3b57dbf0babbf9702d346b0a5a819a9a0e3022fdea6534998dea194f0fe8a29bf184a39e719b1d96ecc75df9d40e733111191b932c360

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp
Filesize
193KB

MD5
2912c66307a2d9741cfb7487fbab024c

SHA1
cd3cfe85643d746717987064086464596aa7003c

SHA256
2d25031fbd1fc302d3c6797f26244800c0a3ea977d16b98df082c62fa3317a23

SHA512
427dcecdbe2f72b44ca060b7da8b9136d875fdf0958906b6ff3c5d0e92718613e0c70c22d363b95e121978a85eee20d407fae39f48559d986f919b13d02a40c6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads