8fdba7526285688035b65de90e6155391d579341b7bd31518ba66cd9cf50de0f

General

Target

6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
Size

87KB
MD5

6b876405b86a0540a7cc855bf82124c0
SHA1

5c32cb67d09406d4fe944c04004650061166d524
SHA256

8fdba7526285688035b65de90e6155391d579341b7bd31518ba66cd9cf50de0f
SHA512

269340ebfce11f026c0c3080025ff2619d2e0e9230727218514c27ac34333f5747c1231b838a52bc0b94d928c2381ffa2317444eacf791ac50da37acf0ab2f0c
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaDgjgm:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXH

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4858) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hi.pak.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL081.XML.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\release.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\EUROTOOL.XLAM.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\et.pak.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoDev.png.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b876405b86a0540a7cc855bf82124c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
88KB

MD5
3495dd60027bb7cb1ed8ef28e5b40a8e

SHA1
91200baceb0334cb9d878c71a641e69024f3795a

SHA256
6134213befd6c3cb4bed909bf259db9bd93fa15ee4969b7e271e8d402545015b

SHA512
f58ca3800739cadb84edcecbed668290cdfdd586dcebfd20657f8be3329957e16efae95ce45cd9f45db7f946f1010d32517a0835e0724ea977ca45794686d856

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
186KB

MD5
eef515f7dd5e81aa3fe25ac82a44fb76

SHA1
3d19fd1d94de95e1290c40502f61d62ff0795e2f

SHA256
28daa33bf5e6f67856cd834651e6451a074d8f2668b26043dcf554502f49ff77

SHA512
99f8be944cd02a98c7230dce2db612a10d411e4ecdf4c5c74e4f347de7005cb0b3a36856863c7d53edbf211bde9896af499e8aaaa6af8d3f7ad99856549a1eec

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads