e627e01d805593aea1806b1372f5d19cdf9fac8f12fdd4e2329f22d407722341

General

Target

30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
Size

83KB
MD5

30142d7cce40dbdf280445ab7253dc70
SHA1

0de71afaa6701e7427295b664169e11529f54431
SHA256

e627e01d805593aea1806b1372f5d19cdf9fac8f12fdd4e2329f22d407722341
SHA512

4719d5cdff33b4feb04278441bc11f4ff0ab31ef941eb7a767814ad13103858068bfdc1dcb9797329e4ec8d28eca7edc37cc2cc7e68ba25472977e9ce062dad9
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76Rbe:6e7WpP9oVLQthbYY9oVLQthbUvZ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4759) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\msipc.dll.mui.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClientSideProviders.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ppd.xrm-ms.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp	30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\30142d7cce40dbdf280445ab7253dc70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
83KB

MD5
454962de9c564a4ad655189bfe4bd265

SHA1
817cd3fcc93f9979190e3c1df5319a4411e39dd7

SHA256
0401da86c600d5b79a806ddbd17954564ea91cd93d784de11ef7857458d8a798

SHA512
1762ceabb3710156ea95aea1d40491b399cea9e1b99e761214ccee66b1dbdc5709f5a87757644d9797e5a250457790a90cf852d2a36020f8aa91dcb46fabf2c2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
182KB

MD5
1f777fd3d1812c37a67a84713d6b1510

SHA1
32a23dd5395515456e23345ea12e6371f9364d4b

SHA256
b62c8d6ca1a26431b400b36541345ef4e9ea743492fcdcbeed0c616915cc1bbd

SHA512
6421ed19c061fabd4853dab12f224abf0326bbdd8f33253e1ede9017684e75e85f0835c314b95947d0ea01cf2839ab1ac67a088d07a7ce240a7083d9ea23239f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads