6598a477b669d1ef50fc704f53d23b2018c9f7d657c3959955917310eac26623

General

Target

6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
Size

124KB
MD5

6c995e15441d58bd4a0164ea0efe64a0
SHA1

eee5c108e4ec80cd481efe9e16f4d90cb03580ab
SHA256

6598a477b669d1ef50fc704f53d23b2018c9f7d657c3959955917310eac26623
SHA512

1c9a6940342544ea5cc69c7eda39fe1ebe086d67be771c6f8501a808b20ac9ce6aab7fb6d3cecc882d3a48291f8ce0a95d4ca1f812d52a8b78329973dd38a451
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1jr:6QWpkzlfFpsJOfFpsJ+n6j/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4757) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\DismountExpand.TTS.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-pl.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Xaml.resources.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-stdio-l1-1-0.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Design.resources.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6c995e15441d58bd4a0164ea0efe64a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp
Filesize
124KB

MD5
6127ab6575840fa053090790bf1c878d

SHA1
5a2a9ef3b1f0e74fb6b41992132d7753899c1fee

SHA256
436a416c17bd48620fdfe7070b529fc47bf6954f389172f520cb8a03ceede714

SHA512
318d9221ea290310bf4bfd7f57ec2a3678e4217597a67b2c566a7f2bc222b0b8e0e0102df838e6b7599166dc7a4da891d98aa9eed40a4393eb807e18ed43d86c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
223KB

MD5
95c42acb2cb95501999f73e4b97c5b42

SHA1
3c7798b9164d816a603b4ddb2a260c9f4eb970e8

SHA256
058ea43e18e5bf5feaf79eb52e8c1ff2896e623daecc4623f22112efe6a4019e

SHA512
01779e08e54c1e6c6636288f093d060f12da762ffb034766b18029c48be7420c7c72622a672f86715df3348d2fdf14e3e5c61030e44d93acf94d9ae021efb8bc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads