1e2d93e6fffb9528a5df2c544e63014fb5cffcf6569b50c2238d869cce2cd30e

General

Target

7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
Size

76KB
MD5

7e353ac8585b3fb4109aee655fa0a930
SHA1

137b499a101ea925ad6ba77b44ac1441cfbb2492
SHA256

1e2d93e6fffb9528a5df2c544e63014fb5cffcf6569b50c2238d869cce2cd30e
SHA512

21c6f62781ee98366d61a1b0e66571726a1562737b9122756069c185111b3adc3c5d5b0879bdd30c9f4208404eb4bca067a73a8276892a9086c3783178daccb8
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhK:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5199) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader_icd.json.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\MeasureUpdate.mpeg.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.boot.tree.dat.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClient.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sk.pak.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAI.TTF.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Extensions.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\msipc.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7e353ac8585b3fb4109aee655fa0a930_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
76KB

MD5
fafbe2c4f80a2ade1e4e62a0146a6f30

SHA1
3709858b23e913af3622db72f43c0517976555bb

SHA256
ad5030e04e6a068e73f523bdf8cbeb17494e9f794607075ba7be5ce6c688af67

SHA512
49ab4cb4d7c06946db5be74333045e4f64fafe4420939cc0dbed51b59230f9f6e2c5af5aa1f4b9e931c38ffeb11a4db4bb96703cc60b4d885c84c62e7d27d761

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
175KB

MD5
d1ec95e39581b7f705a03acffa2403d4

SHA1
6a061d890b054b1d863501fbbcf262715969bd1c

SHA256
1b573c3c9ab15f500eaf023480cc621ded941a866e955b81ce728db4e5f46cbe

SHA512
15aa539692357200e5e88ca9434229fdb4dc96ad3d48307659e4e099135ee91387abba4945c2afbe0c8563575f63f94dd077d25fab769e5409477daf3b3d0a53

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads