17b4816a199f3b8e791154019c57ee6ded9379132746f151168434980db86d92

General

Target

9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
Size

83KB
MD5

9fe365cfc2f9a35147d1e669a5b78e90
SHA1

01fc6461d862ea9891c7f0ff854845c40ca4ff8f
SHA256

17b4816a199f3b8e791154019c57ee6ded9379132746f151168434980db86d92
SHA512

051b18845620fda675c33d94306fc1fa64632be2fecad495748967eadb788656375d3961b812de96b108c640454caa78de9b838db16524ac38cf665c64f87ff5
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRe6:W7ZDpApYbWj2WTWJe+e/qXRMkPMkR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5021) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\README.html.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\msipc.dll.mui.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoDev.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000C.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.resources.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationTypes.resources.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\uk.pak.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9fe365cfc2f9a35147d1e669a5b78e90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
83KB

MD5
9c4d06313447efc1dd3702725bf8ba25

SHA1
271165ecdc1d8e7f449e2d4b23c373eb4f7b5752

SHA256
abf15496331d0cd177faa75c572d7e69238d71f9abeb4ed2ba938d632ce60a12

SHA512
f8f2944bc4c080f01282d9d5a2ed2674d81ad96ab9376815eb6f13076cf5b47d7e20f1f8db5e5da3186cc373381b99228d3b84fda8cd9cf533409581f1082ff2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
182KB

MD5
e7f0d437027502ca3909b3aa1ae5e2b2

SHA1
70329dc69b52f2c7f1ffcb57a6bc3527e9b3b22f

SHA256
64b52ea34b13e805de4a5c0d39f33842111f269a33427a65597415f822591f21

SHA512
babab32eb61d90db9d00e3dbf2ab208b212b713446ce9616181d0c0bab4215e744277d313df741a30e4e9196fad9293cff1dbf48ecd3991293aa0ddfeda460ea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads