9f659a7a6ebc67858f7ff3eb8897f21b46829752ccd00d52d9b2ace9e3daf4ed

General

Target

92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
Size

83KB
MD5

92c0f65915bff4c1254f73c36d0f0290
SHA1

0bdcd45ca2613f1d5044db4ff092e8ccf8a73adf
SHA256

9f659a7a6ebc67858f7ff3eb8897f21b46829752ccd00d52d9b2ace9e3daf4ed
SHA512

81e57099aa20a2f19f6d2f68e6866c982f5f3f154af8c3d3ddf96cf53d94201f47920ebd450e342232a4c289b0acd3941549ef3afc529db9f8a1f766bcc6e03d
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+e16al4StuStY:6DWpwE7oL2e+e/l4+u+Y

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4626) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-utility-l1-1-0.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xsl.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Calendars.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\net.properties.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\92c0f65915bff4c1254f73c36d0f0290_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
83KB

MD5
5c04a918137a4f924e2d09f42d47d32e

SHA1
470f4738c5b8c69a049ec79ebbf7261284550030

SHA256
9932caf92c1bcfa34ae86d4a09c68626a99adbf599aaba9b30fcaec504708a67

SHA512
0e78ce30d22763ffa7b0e00f56b989cec5bf90e5907d1ed7035aac8a99b9693f794876c9b24dd0cfe0311a4c3a26da85d6ec469e8e8da688fc4fbd986253a5e0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
182KB

MD5
b79f3425c3d39c69a5a04597e6c402ce

SHA1
6d7fa001c828f5884b9544f97eac8d1debcdb6e9

SHA256
674afcdce1f3e6e9231d3b48c011fbec6d8156ec1e36fb998ff7d15d0421dd04

SHA512
ccfce372c07f950e989549ee050eb7c642da11e00bffe5c949da397beb7cdd59f591a6ba6d92d49b40aee16988f2e29a849213cbd220675da997758bf0ce2fe7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads