839e4a1dd98ca0aa421e0799ac242510c054020626f0bdcfe8315e0e72bbf597

General

Target

e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
Size

82KB
MD5

e04a549ded9de48e38ebc05dbb1d8750
SHA1

2b18f66d1eb82edcc08a9f5940ddf4866bc2d86c
SHA256

839e4a1dd98ca0aa421e0799ac242510c054020626f0bdcfe8315e0e72bbf597
SHA512

5ab57476ebe2e5eb86aa2b5622035325a3f6f344642fc194738562cde446dd30a1d9e80a1139c3df7328ff14d1409d03200d8ada392f042fba920d6e7d1b8c1a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2vlXE:6e7WpMaxeb0CYJ97lEYNR73e+eKZ2XE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-util-l1-1-0.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MISTRAL.TTF.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-180.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-pl.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEV.DLL.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\WindowsBase.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsFormsIntegration.resources.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationTypes.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL115.XML.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp	e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e04a549ded9de48e38ebc05dbb1d8750_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
82KB

MD5
d6dc932335f97ce0abb988134903907e

SHA1
704868be077781e5683515cc8495b29b2580abda

SHA256
f55064c3facbbb7c2340d2184c710f4735100880df411b02ff6145e023cf7e90

SHA512
06fe8888b6a5e8bf1e02d2a3552476bac93f3c535f36d196b5fa379593e706cd70084af06ce11a13bf8cf644a52bd57ec9ce460e3cac3be86d61d736c0874ac6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
181KB

MD5
beb84307cf06824103860983a7dbfd85

SHA1
b4f870ddab49c33afb676ceb09ae693e46f1cf10

SHA256
72eaa5dd4da63512566d12e1fdceab9d763acdc8cd19514b08e4d94f56c391a9

SHA512
6b0cf3e5d4f1b6c0f8c8f01092b12e364c2f538898908b6649c620183322ac6269ad72a00124b5109423790cba65ffbd1abafcf6954ab45faec85c4bc5b7b0be

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads