76851734178b1fbf73b3c8efd1eb4a2ae8b7c929dd3533200b1b719242dcfd23

General

Target

43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
Size

81KB
MD5

43016c301c05c26ad88dceb553256680
SHA1

3de4cfd53736e704062390a3e70d9d2bbfcad80e
SHA256

76851734178b1fbf73b3c8efd1eb4a2ae8b7c929dd3533200b1b719242dcfd23
SHA512

a53b007dd1e928d84c6714eecb875280845f959ffc761b9fbb82f47fc11692382e49226a31a4bc782fbc4a86edad78aefe5720021c494481cf14c71cb15cf08a
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76Rbw:6e7WpP9oVLQthbYY9oVLQthbUvr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5039) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vulkan-1.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ppd.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\43016c301c05c26ad88dceb553256680_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
82KB

MD5
5c5f44849818dbc4c02283744a09862c

SHA1
9745c716b3c9fc7bf728185763759650e7aa8fb9

SHA256
6d5e137527a4c4459fc07423bdb936dc6021921b7df1f8122d9c9be8105239d7

SHA512
f3c77f27f8de01a71c0abafac2dbffd1dffdbd519e2bcba08a6c826778ad3fc0ca962e1254a9643ffb52154a101b1328585935c8577a5445bb206b322c936229

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
180KB

MD5
bd56a49fc5d9e0969023f6b9f2ac420a

SHA1
7b37a33231cb854046471cb74eb369f8e70832af

SHA256
d6cb3fde3f5c9886b070dfe23ecb37899c4a79c2d6a3fae9f1fcab8a5271e1ed

SHA512
51eb7e6b0a480e761e647c53634bdfafd03f8c8ecd184e9a0692b686a5be327993e80cfb71a32fde69c59bfcbdf00177e27ffc2257c9b88d89a695622e3d9995

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads