8811ad2bac9953ff0857a179f14ac5543f1babb8d98987956c30f1cc753f32d0

General

Target

91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
Size

50KB
MD5

91fdd618bea7652fed65815abd6f9630
SHA1

317018532f1622b15596723492eb8f6e2a719030
SHA256

8811ad2bac9953ff0857a179f14ac5543f1babb8d98987956c30f1cc753f32d0
SHA512

f04b4bcd14578c720360a2e81c8ffbdb9b12c020ddd1176e5aefbce648ccbbbfae81bb47843d41be229a0b52cb9fb81e4ba63d483c038b15208a53dfd1a724c1
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5no:W7ZNLpApCZrt8PWGoPWGANdNo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5233) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.dll.sig.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\LICENSE.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.stats.json.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmmui.msi.16.en-us.tree.dat.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGIB.TTF.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationProvider.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\BillingStatement.xltx.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\awt.dll.tmp	91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\91fdd618bea7652fed65815abd6f9630_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
Filesize
51KB

MD5
7b3d9cc08f84364631a154cf0da44832

SHA1
dd380789bfee27a1f906e95607b759883f2b9516

SHA256
a232424ddf0a771ca0052b6b0537f4148aa8fef8b644a950898e5ea79af2ae70

SHA512
6e082e9612dfdbee6b338df6ed0da2398cc02c0b2cedde64dad599a111114ccb821e201f3a68143065ad657aab60c290743db221d58084aa8078ce479ade172a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
149KB

MD5
15f95e3f0f908d0aa1b28c262594c6fe

SHA1
7de617e79da2262696d1de01f37a257616d7790e

SHA256
2144561f6f775e2ea6fcad2fc09eea2098b36302eecbe3469d63cfd7a93deba7

SHA512
0334b80ba69fd066ac32e6adc3aff9c172bc5ba397bf5e9108c6dcc14df262e78a9ae991ddb04f900dfaf34c15ab5b5a7655c19ee261bb9857f4c80bd6baea29

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads