2d850194a6e3945d7f42ccfaeb2adee2a051d5ab551ff267c82a088d3cded244

General

Target

75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
Size

85KB
MD5

75c2d1b0ad42f39b1fafc3c077d39d70
SHA1

bf0fa0a56109e6e07e1ea431364b7e260f45ad26
SHA256

2d850194a6e3945d7f42ccfaeb2adee2a051d5ab551ff267c82a088d3cded244
SHA512

2c2153075de2a606d88157f81ed5bedf2e70ffd894087bbb95642378baede97f63cd54db02cb4b70c6bb93f33725190b30f04ce0479d3901244f88e41e1d7678
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK6Vu:69WpQE0zk

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4868) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClient.resources.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\eventlog_provider.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-oob.xrm-ms.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationCore.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN010.XML.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\et.pak.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ul-oob.xrm-ms.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL086.XML.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\external_extensions.json.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_FR.LEX.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jvm.lib.tmp	75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\75c2d1b0ad42f39b1fafc3c077d39d70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
85KB

MD5
f5868bd346425a0389fe6f3c4309f215

SHA1
45440af27cac2e2b9b3b337b4aa18c554244ed95

SHA256
4be741fe48b9cecd1dc3065ffa66b9493b8ffc2328400b2605bb6ee6419192d2

SHA512
827e7b869b537652305a7f6517ab66c442e26c88fff9fb147e52ddd000ffe0d9acc3898428c75cdcc6d5d1746f97ac6d8721f9d7dfa463020829d8f0fbc2ea40

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
184KB

MD5
7a148662993328861c03aeced975d0cd

SHA1
e1334328375686cf2311106cfbfa0a17a2a6c6dd

SHA256
290358f40f7250edba3af4434edfea39bbb94c5c7310df8a84b1deb468e21ca9

SHA512
d3b768ca4a8deb46bcd82987a75eaff46825e187ecaac395ab5e546f6a0e9a7a239f32c7bd1a106a5cc242b408eebf12d8e5f34ce4bbda294358ac7fcfbba04c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads