1b49c01642dbf479b3eadd04163094cc0a62cd818c5560eaf4bc99982dfc3323

General

Target

ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
Size

75KB
MD5

ca90846f5fa8e674fe5be998881cd860
SHA1

4d685e9556be76d07af244e321540de1163bc309
SHA256

1b49c01642dbf479b3eadd04163094cc0a62cd818c5560eaf4bc99982dfc3323
SHA512

5af2428adde2a9b29f4fda7069651cb8c184c43bb7716c63bde7e8cfec0f362868e729798d3b7397fca95fd29447fc117ecba4692df7b9ffdecc733b643fb15c
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhc:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4837) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-phn.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.Client.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Primitives.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.IO.Packaging.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\misc.exe.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Input.Manipulations.resources.dll.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp	ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ca90846f5fa8e674fe5be998881cd860_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp
Filesize
76KB

MD5
e2cc81f08bbb4504861f602375cf1284

SHA1
785c3a87ee8542ec71b4e7034870fa56f55e2575

SHA256
53725bee14cfba80567cd30c4a37674ff06ec7eacc39953ce738ffcd326a8584

SHA512
78fe9405b71331e29173446e7e25bd250a8f9ff99397c599ed6199e9cef589d3355f53658a710ced40eeed91ab3615a107046df017427daa74b22d2112ed1f00

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
174KB

MD5
fa854ff0ee524cf60e0c7997e32e2217

SHA1
53e4b7101583e3503eadde63b9f79ac3a6304cc0

SHA256
df931a26044159daf34852a7e0eb5ddf242cf5d7ac92ef5b6457b0595a7fc51e

SHA512
9a40e7f35d3b7d77157a5db9ab1ed920a952d88121f1f5e07a1a6255142ad3320627a1d7747875a131463b95dd75ad79a3b48173528b5836579d8d38b92374b7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads