247ef06508859bb6aa9aa3056ee20176df3898d2c674257f9ffbfdaaaef48f2b

General

Target

18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
Size

60KB
MD5

18b75851a7e6a3c981c92048d4506af0
SHA1

191162ffe238770d32560c047400692f70946e7d
SHA256

247ef06508859bb6aa9aa3056ee20176df3898d2c674257f9ffbfdaaaef48f2b
SHA512

2ed6a566a12e9b0bb1f78d14d07198f8967a673fe8cf4b0649d816671f3c51069db59acbd43bdfe6ea374c0998794d6d2fa48e578c160c9d98c6a85fff827dcd
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJW:W7Z9pApQESOHepOHe8G+6E65TGAm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5028) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.DLL.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\et.pak.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-stdio-l1-1-0.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\manifest.xml.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\resources.pak.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.White.png.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\18b75851a7e6a3c981c92048d4506af0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
60KB

MD5
36a471009dac9b52da4079a8ca0a163a

SHA1
863efdac8fe829cbb324ce51da28793e79de2b1c

SHA256
821e2fd6d2c07ffca78ab5b0f7af547b5a09b20042fc4b6ed155be3961af96fd

SHA512
cde9400350cac7f7d2a6b3e8f3dda4b4302fb8145a872efdf7d879c174234eccfa9f3d6acc9c268b5fc854efcc1337e63bf1e1494580634c4872be37acd12201

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
159KB

MD5
0c90cd3de5099591cda2a40df1b78da5

SHA1
b01b1269dba149fac5ddca02bc05dd60ec30cd8c

SHA256
ce8d6bc906d9da5a8e9abd0f9f95a160c14e1aec0d9780c3b175b7b7a69b0d09

SHA512
b79b1ea6d4b15d4fae3e9ac2614098b45a40c89ccc8e2ab7dd9c65c6dc466200d2c12a563e095791ac7da0515cc8e790b21975110f3380d1f4d1e7c01d636793

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads