4c75e2fb73dc4dbf6f92a10a6a39225b52060bfd1c5e12ec408787e0c6544d4d

General

Target

2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
Size

85KB
MD5

2902ccfa5f9b036c2c8ccc6a639cb0d0
SHA1

165776c869d9f1b05cdda6047fb4131ff9258f63
SHA256

4c75e2fb73dc4dbf6f92a10a6a39225b52060bfd1c5e12ec408787e0c6544d4d
SHA512

589741b3b5c980c9f843125e73ce43ada91bbf56fcb51a5b674d067299e0a8145c970268dec7842b2a910411f9388b1a371f5d6363f349629f4a7158dd878011
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Wy+JAJF:6e7WpMaxeb0CYJ97lEYNR73e+eKZV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4733) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ul-oob.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\mlib_image.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\DSMESSAGES.XML.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Input.Manipulations.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\manifest.json.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-PT.pak.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Parallel.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\resource.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jawt.dll.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb.tmp	2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2902ccfa5f9b036c2c8ccc6a639cb0d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp
Filesize
86KB

MD5
cf34a2ed3f81a307581077197975e3fa

SHA1
f7bd3b90f9431ed7c5d9e3fc1dd13b92c6272974

SHA256
ccdf6cff6ddb6daa8a0f3e3bc7604cc01db9912554751d910aadd183b64e534e

SHA512
692847009dff7de5693dd4675b79aa7d22336f0d26b712cb703eb25ccc6bfd91b4412b49d27e3960233c0d4fc2a1de8ae32d9175bf7e34276b71b0e74a264226

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
185KB

MD5
5ad764231979d2f24ac6d54dd163f06b

SHA1
47ade7d4e60c5d5fc4a3ab5d0a953bda3fa45e33

SHA256
6598c6fa3e9e249c15f4f29fb9bd3499342bb904f80a00dd33eb6c68d9e17b9d

SHA512
12cf639358bf62386c37cbd7679edf2336ec4cf84b1e6c70336f0fbf81bed3dc464bec8cf4d1d15193b96557bbcbbb761ea46bc39f5a25a938ff3d8eaac81af2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads