0fb4f4859cad0e416ed3d87514fe57a9a791be15344e5542bc09ac4c07ea8e06

General

Target

5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
Size

51KB
MD5

5ea06916f3e36b5438a295abb4dc5370
SHA1

01ddc962681637c8a2cdb17741ea54bbc82f1c8d
SHA256

0fb4f4859cad0e416ed3d87514fe57a9a791be15344e5542bc09ac4c07ea8e06
SHA512

9a135e659e2cdda9b35f62af2b71ca9c3c00b0f1f43a494a85e1194500ad753c76cc802f5e87ff678a28ed8a93144235681f9ff90979a7508d31f038b55804da
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nT:W7ZNLpApCZrt8PWGoPWGANdNT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5200) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoev.exe.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationTypes.resources.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationCore.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Uri.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoBeta.png.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_iio.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\resources.pak.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.OpenSsl.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ea06916f3e36b5438a295abb4dc5370_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp
Filesize
51KB

MD5
f02380b0c83d397a35d434e99631a6ee

SHA1
8974ec10d1296f1ef2095f297567ad7a437cf403

SHA256
3f4dfeb961a11df70250562c9abc4e147a865cd57217198ae65c3491460b02d8

SHA512
7e6acb56415d63860438627fa069ed7884e3aeb64eb3599aba997c909d052d2f0ca620cef6a1692a1992a756beb88d00fbace76c1e3a909bebe385e425fd09e5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
150KB

MD5
a4c61c33a6888164e47e55f1a9b294e3

SHA1
9a5f52b33895f0494a728b6ac954ab4c8a0a201c

SHA256
1739a9e91658d0fa8b6d9928781b059a6a015ea5d8ed7892c75999f37be80160

SHA512
619cc79e05024c08d45ab5605c298ba13fbe58ea5f36626b350198f33ade0e14181ba9b873f4681bc73a9693ea1ef227f9335d35b7e34bf2e8d41f0beab0b8c8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads