73dfd53d2ecfd3ddd51551c0a86fd847b8ac2301240e7117475808d5bc357d7e

General

Target

25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
Size

83KB
MD5

25cb1c290f08fd6961943b7b954b5b60
SHA1

4403742f06cc1b13e085fc5914fbeb7044d2187b
SHA256

73dfd53d2ecfd3ddd51551c0a86fd847b8ac2301240e7117475808d5bc357d7e
SHA512

5cabab0678415b0f53faea858448dedbd09e17b7a383b8d3380198cad6417b30789d7f22a8f25b011b87fd66cfc91c094fc736205541cdfb8b781eb296431d7d
SSDEEP

384:GBt7Br5xjL9AgA71FbhvoBlByH3pgfnc99bNXyH3pgfnc99bNq:W7BlpppARFbhKyHZgfcL5yHZgfcLE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4840) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\BackupRestore.xlsm.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Xaml.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\25cb1c290f08fd6961943b7b954b5b60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
83KB

MD5
0ea6e2f5844e6ceb0f77b1071965e81e

SHA1
f79db8f5226afe52c7bd44247f5e983b6b996e1a

SHA256
af79c7916f25ba53fe6eb21f9e7c56ee158254becc665770a96398a5a4c8a335

SHA512
d77605eef2eeb39d5e63cfcca08d8381ce835eba2ab39a1092d3a59197eee78f32a37b35940ee504deb717edd2900b7052e61556c480887e4ddf09e74f23314f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
182KB

MD5
da7bbba1bb59035995301eaa797ad71f

SHA1
806577bd206ac3340c525c9322baaf34b62428b2

SHA256
66f833cd9325d93c1b3b2a3d3d09eced72e60015745c50fccfff8c0415c163b6

SHA512
d17843a13a439a85c1929f8c78d2fdb2ebc3f9042832c36972882605f522d8dd30c21b089e740cc384f305733541ad5d939e6d6d19882a6d863c73e0ddd0ca5d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads