aad6e153a6ed7ae5d0f53c4382b329423d3a806693c699d3487b2bb587b650c8

General

Target

864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
Size

156KB
MD5

864f036446ef002b9928e37e7d166990
SHA1

981b5c4bf5c76380522d2d7c2b98035351657ad1
SHA256

aad6e153a6ed7ae5d0f53c4382b329423d3a806693c699d3487b2bb587b650c8
SHA512

195f46e3b3371ad55586c33bd2d610303919082d99b9c71b7cd8e5ccaec7510ee3ea228750c7e93696cfa693c6f04a62a46b4856971f995e51a2a265568dee62
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZQT+cfWVP2ZQfq6Tl7j6tfmTk3R:RqKvb0CYJ973e+eKZGWVWQVmF3R

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4726) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ReachFramework.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QRYINT32.DLL.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Algorithms.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ppd.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\864f036446ef002b9928e37e7d166990_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp
Filesize
156KB

MD5
71810c727d41c28478d0795f7d08006a

SHA1
3f80c62a50e3a645f5157a8956025ba481a38ed0

SHA256
2dbf765228db4a2e8ef408a0ecaef71e5e1c4cf237e1ee0ebf135d2808967bc5

SHA512
256ad6c56dada2aeec66a2738da6aa7a43af02a68280d5c0547c3a8497253cf101ce624710ef29714fa025aa8b0a878cff1fe1bf6c366a44a12e7bd49cf38397

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
255KB

MD5
b646d1fe661d823c55d04a23b4318354

SHA1
a45d060291210d0c7cd02b610476576cc91bdbcd

SHA256
e7b0375b5699870c2f8ec04604866f249a5e1d20bfdc378940952ac25b0bb18d

SHA512
7b16e222a73f66c2a83e0441b58cc267ec6f2d896c8ebbb175909ca11061cd9ff4fdf58e0029864f5dfd2196906bb070fb98cdaf5eb15a131cfff18c6dffafce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads