4c0af2eaba6c6b9d12751355fbd42b34e2edbe3b3483e91c2969446e41c010b5

General

Target

8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
Size

46KB
MD5

8a72522076a710b8b4ca5e3837a817f0
SHA1

086c6a0448c8fd7480cbac4d10b023c2b805d4a5
SHA256

4c0af2eaba6c6b9d12751355fbd42b34e2edbe3b3483e91c2969446e41c010b5
SHA512

559b48e75db3e712410a638c6a0a7510dcae385076d6d35009beaf93ddc3fcb34d2206b97491be7e092982db3592d262a69536001c2f94c7d47f154c81b771f1
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsO:W7ZNLpApCZrt8PWGoPWGl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5360) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-time-l1-1-0.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.SETLANG.16.1033.hxn.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBPROXY.DLL.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ContemporaryPhotoAlbum.potx.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\ReachFramework.resources.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsFormsIntegration.resources.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp	8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8a72522076a710b8b4ca5e3837a817f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4196,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=1960 /prefetch:8
1⤵
PID:4836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
Filesize
46KB

MD5
6294b61dc87e64c7eca5c1b4db829fc0

SHA1
fe9e31f24afaf81213b3e71f35a28c8c02be8e7e

SHA256
3965600ecbb768b93fa0810858b125e4f31f9603b8aa6264a245cb7fb96c1c00

SHA512
ae17d748fca23d4243d3f7ea5e20006b1ba4b9765e0b03dc85c97b1674ca2254150f6926985b16af84824ebbf9372065e7577cafc0c66b5939cf44878ef9d945

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp
Filesize
158KB

MD5
5591c66e076a44147bb771aa799cfc92

SHA1
78f9d79f2010e4da0a5e1aa9fbf320725bf54854

SHA256
3971ad6517d26d93f1a988ff664dfc1c7fb7433b3d45612d599070c4c411615c

SHA512
59a8312923bb9d48dace7919b9d96a033ce7eaee157887c7970c757e5caa67a3201202f32c838c7e0ffae67b0eae8ed0080f91773ee7ea29dc34f7024928a800

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads