37c39164871fbcd82efd97cd3742d06fd91feb7b4c2388e359d3313a23f5faf3

General

Target

50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
Size

89KB
MD5

50929cc10501e493471e20541143e0f0
SHA1

0c616da844f9556f3522f2c52d5e18d2c013fda1
SHA256

37c39164871fbcd82efd97cd3742d06fd91feb7b4c2388e359d3313a23f5faf3
SHA512

67b16c7fa0581490573d772d515ac6c6f312737ae5cdbed5de8b0f3377a5c02d7a89f0a13e166ae3c7e68ebad048ba32ac120d6bb844adfd7b97c4c72f105cb2
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNv:6rWpcOPxPke+e3fFpsJOfFpsJbgEd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Algorithms.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WebView2Loader.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.TypeExtensions.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\da.pak.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_es.properties.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vulkan-1.dll.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp	50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\50929cc10501e493471e20541143e0f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
89KB

MD5
3190a4f979127afb83c9e688cf1981e6

SHA1
60572c3a2cc3e1c0a8c782ac7997a019693d3440

SHA256
8a871705dc2b8dc261cc4326e1ae7a3278665f594fc894e35b76887668d6588e

SHA512
3f94ea8b59da7d6df23c525fde05b6f5bcfa70dfe4b32698f56b80bb7549407bfa5afb0a579d75f15c171e180bac59840e7bfac9ad28ce64feac48166be44ef8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
188KB

MD5
71eac2181fe87e2c8ba1c41bf20048a1

SHA1
beed2083fdee947b748dfde2a87739f846050e99

SHA256
3f051317de158bf708e1a5b0fa945b8099fc16f8ff2e9ff86a2a94e32b17c95e

SHA512
a593dc550d787561d66384392874891822a6de0fe1c749607ea22c89af3ec32b72fbd463005f625ec2feefbc77ed4d4f1ddbcbe9ada2e05b80f3509fd8b95ae3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads