2d05f7cfe760e3819d6986c925ea57290fc4adbd4a5fea3050ae27976d788fe5

General

Target

ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
Size

127KB
MD5

ad02319fe47c9db72482ac17ea4d9910
SHA1

6d5cf58d458484f90361305bedca46334840f6a1
SHA256

2d05f7cfe760e3819d6986c925ea57290fc4adbd4a5fea3050ae27976d788fe5
SHA512

e4304618f9f00f563e5c620e7f2b2ced06e85f478d05f689eaf7d97b135410a94a05f1184cc85485d5ea839a83eea64c2b4b108a635dfeb301cd8075a0e73f15
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzd:RqlIyFESWu0SWuGSwx6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5001) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationProvider.resources.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationCore.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-pl.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.map.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.GrayF.png.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\misc.exe.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp	ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ad02319fe47c9db72482ac17ea4d9910_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
127KB

MD5
32838d109547125b2ec919240c2becde

SHA1
c09be912a3ea99666a756e9c47f87fd351c85154

SHA256
f52d3d9a0b7826ee88d6e8842d01cb41f0c1a6b23a7ca3486011b191794df458

SHA512
158de735994ecd8d3e6906632a9cffadf0de0222d6fae7f4c0caf45c9e3fcc20a70a6664aae779bc680057714919f4c2692dfb7707ca85fc63007889e80e984c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
226KB

MD5
a919c383072baa94840b9b83ae0184e7

SHA1
e3b227c25856dcd78f3958d51dc14d2e74e5d34c

SHA256
cd07ce8c03475f3271e3c11f1750de9e625c49d70088930fcbead2a5d724b42a

SHA512
dca8add350f600baf088f295b6144da9d61884f815a0261e17299f47db7cce9797d628841aa85fc9cbb99ee28b488a30cf4c85779dd940cb20dd43eb4448bd00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads