a8a9cead4810021a281b6e7d1b559ee5d8a45ea17d708c4c9c7a7ac544bfcc04

General

Target

0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
Size

87KB
MD5

0b2048816d26e8e71d488cf9feed1c00
SHA1

fa741fe6a71ade2572655f80b587b031c0459b42
SHA256

a8a9cead4810021a281b6e7d1b559ee5d8a45ea17d708c4c9c7a7ac544bfcc04
SHA512

410089f4409a7daca824d9c4a68ea29643262ea1bb251d9860b798b66b1d37364b37b0316d019e11f00b6b18aba3c0fe19abfcb26e841f6dec0c76193c51ad68
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEht:6pWpUFpEhLfyBtPf50FWkFpPDze/qFso

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3083) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.FileVersionInfo.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0b2048816d26e8e71d488cf9feed1c00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp
Filesize
87KB

MD5
bc5b43409e2d875a1b7695d2cf2656ea

SHA1
6b73bb772bcb996ce8346a5c12778e309eccc9ef

SHA256
1dc0a8a190715366ed8d0a6bb683e8b1aeec0dc2affcae146b0a386f969e346f

SHA512
f48bcc11860ed4b1a062a28f19d71df96412c656bf0a2a01e7abd24e001ccb95a4aeda6c46573d33f628b54acae423477b21b64e45c05217078f17165a7ae466

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
186KB

MD5
5d04afd55275fac0ad0ce59d41aaa682

SHA1
728d70ac533f13f898543b44bf36de677afee467

SHA256
fdc1728f635d0076eb656104754895aa3d7752d19e09fa45f6910b82497ed978

SHA512
200fc8101c4d44f12b833a10e6474a92a73c22496125a6901f814c1b9f02bf3de3cabcf8829177ed1f5a76cc89aaa991ffd9670de05fdfd01b4d6a152bd3b906

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads