de7490fe00c36c1d9756cfba554fc3f6c4a30ff38f3effe8e2596b5322feea50

General

Target

428416de5670b31499576971cd935200_NeikiAnalytics.exe
Size

90KB
MD5

428416de5670b31499576971cd935200
SHA1

37a40f47f56e88d8a1924fc5e6c8d6f7c8914ec8
SHA256

de7490fe00c36c1d9756cfba554fc3f6c4a30ff38f3effe8e2596b5322feea50
SHA512

74c5bff5dff40f236cefbe173784b6ffcaa2aac2ce502a5ab214c645e57706f4abe9aa4ce35075cdd98dcb155f88aad83223ba62c13f67025eec3abe5726f985
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXa1:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VX8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5044) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

428416de5670b31499576971cd935200_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Input.Manipulations.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.dll.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\COIN.WAV.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp	428416de5670b31499576971cd935200_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\428416de5670b31499576971cd935200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\428416de5670b31499576971cd935200_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
90KB

MD5
75081a34b489810bef27d800cc7d17f5

SHA1
8fe50b1a0e3677d46df188bb3fa8566144738296

SHA256
1a889ac033b5ee639263626b3ff01981c8c83ef3bf1a0c70e5e4b7217d5e8578

SHA512
3c778e817d802b8d84cab4b5a2d55a70f45acabcf8db10f1c182dfcf0a441b074699c2f6ccd0b042ab6adbc3dc1f6f84a61d4c3697aa6ce870757b5c37fd4ea7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
189KB

MD5
cf2af1826824bbaf7dc5aafc4fc72052

SHA1
abed63217a58ad09bd67d91ce752bdb7642543b4

SHA256
32226e827515c779ef355c93ee3a0ca48f9f7a4bba37a3a43f67d3f419962299

SHA512
55d0f320175e7f2aafa05f5b090563a9616cff80ea2e9fe6a0d7ff6a0fe6d008af40f5bece7c54e063d0ca177e6b960fc3301300e8a272ec5e62a617521c36ab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads