8613b97bc4cdb152e75a7e6f1e6260719ddeb02ed086d7b2ab18616caeb962ae

General

Target

868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
Size

87KB
MD5

868d15e0a51034f7b17811fcf95f85c0
SHA1

fd4e7d44deb2a7295303ee96f24cc2c05dbe072e
SHA256

8613b97bc4cdb152e75a7e6f1e6260719ddeb02ed086d7b2ab18616caeb962ae
SHA512

1aeae0c2353b802be4c58c34c4239f3f039d36ef5d9823ac689d4802b95195526ef2d595610b8b34d98dc178910eb4b117c451270ee0177f10135be50c4c7883
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaP:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hu.pak.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN026.XML.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART12.BDR.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.boot.tree.dat.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.TypeConverter.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-stdio-l1-1-0.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\msipc.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL002.XML.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.png.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-pl.xrm-ms.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClient.dll.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoev.exe.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\868d15e0a51034f7b17811fcf95f85c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp
Filesize
87KB

MD5
14432fc25ead76250cad1566b0d8c570

SHA1
45a71ab35cb64be74fe26adcb3c6c0d107765913

SHA256
73115011ffd53e7b94ba78cd8ade2533e20b99213376d1015e30290461c49cc0

SHA512
0564e02dbb64810505f744d3b4288e7b0c09e43a712424be9b486dc833102c96b48111fb125ba5f572685fa88cda27646fe0b4242eb2a5c1d35cb5d81dee9411

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
186KB

MD5
c8cbbd4fab2c26a172a07da5dfe6595d

SHA1
415b7ab7904eeb365b54f8800fb71396b8a23b03

SHA256
f951ed3b8eb92e1e9dd6b02fbdae28c6c3efdd4e27010406f0904d4a2d6380b5

SHA512
f544f9cd7e2fdad99b35cdfa12574b56c32e64b37b2fe21b56cf8603a757a2085c61bb28905cda4002646e0b32457ef7f93031f3ed60885b7fda0b14c34f5e77

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads