d782cbf88c480564a5ebc1ee2b99e2cb946ed73410805620afe516af9d2fb923

General

Target

54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
Size

84KB
MD5

54ae4d51981ee0666dbb9c237c4433c0
SHA1

d336b2e8409ab3c2509120f6e3aef287332aa44b
SHA256

d782cbf88c480564a5ebc1ee2b99e2cb946ed73410805620afe516af9d2fb923
SHA512

21ec1a8caf00cf5d4321d7eeac675e6d2089fdfc3fbd49b03f1c207b90b26a32913cfa1b624086df4c6b0fff52908c3c628ad9b590d75d2f13d4d0c203aa4bf4
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhb:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunmscapi.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jni.h.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri Light-Constantia.xml.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPSLAX.DLL.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BRADHITC.TTF.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationTypes.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-pl.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp	54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\54ae4d51981ee0666dbb9c237c4433c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
84KB

MD5
62f79ce674988c0e1951b942b09ebf59

SHA1
f7fcffd11fac4ffb31b6eeac396850e2143c5d7e

SHA256
7f6f05d144dd9f4e1506290b300408487307d7c4d34980bc1235d7326889afbf

SHA512
d36ea5423523d27db552196e06664d1e9c9e444e303bb3b8d533769aaf6b03ec2ef8e14af5995198d42e6ca1b91f13cf67d15dd8ebf27a5aca46de8b9f0dfa94

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
183KB

MD5
2bbe8ed4ccc18b4bc3d841f6b4c51ee8

SHA1
40c3933fbe69ffc807ea1efe93e0ad2f03a68b8c

SHA256
c27e0cb08cb55aea63b7e58264708b88e45d661c7c3e4aa4b97de3502ffdbed1

SHA512
7ffdbc9c9199dcb5597f96b02aa0e5a94286199353b841ea2b446ec845264e5fe069e1d115ad104736592cc40b495e36ca0aa5834b054a06adb51ab615f32ab3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads