54150bcf260bc8aa7123a84d0872baded4850a851164567e9e5032a182fc277d

General

Target

6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
Size

83KB
MD5

6f96ab83481c5be23c9e962d83111b90
SHA1

d2281d19cf493428f673823bf82c8adc736ed99e
SHA256

54150bcf260bc8aa7123a84d0872baded4850a851164567e9e5032a182fc277d
SHA512

7f0cd2cdf5481c49078a4e709c39531ab36567794cbb4717ed049341cf37514946b0cf177029eb7afb2f83514c900d41ef258e935a6697a8c89709fe52ec0b9c
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKZJHJ/vb:69WpQE0zU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4876) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ppd.xrm-ms.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ppd.xrm-ms.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\InitializeConvertTo.mhtml.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp	6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6f96ab83481c5be23c9e962d83111b90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
83KB

MD5
a6b10f9f00ad6831d2b1be6f4eddc8a9

SHA1
b86622afc4d36771e20de5f3ca8df8f77b2d96dc

SHA256
17769e36b9d5f6f302a55e36169fd2cd451314dd14a883f7136572071938aa4d

SHA512
63980dd8da59be16a9135faf737c79ac26ea44da3fd6f185cc086d9476b93f87e9e128f1c80ae5c15c581e8a6af397ad9a5ef854d4b71ab231c00d8a89d47aa3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
182KB

MD5
f16b00b887bdfab98c14a395671864c6

SHA1
892cf683616627039a285794fe9b83c7cd161af2

SHA256
7cfb168df23edab244281f6498a5d482afd2955eb9dd86d81313bf309b8e25dd

SHA512
9636ff439372b0cb38fff4b81481eb08e7aeffc8fd52101ca3956a832f4d8fca6f7e93e181c808ce640e79638ee6bad5f0326bcd26fd4035b65586a8e3ee1b41

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads