3ab10bbb2cbecbf6d0a158a7d2b5036fd88d8399c116ecad0ccffb22bc84af4b

General

Target

f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
Size

46KB
MD5

f44d7a7cb5b852e1f9253d94dddee1d0
SHA1

b875dd4a1540426f532580106cc7fda0a413acec
SHA256

3ab10bbb2cbecbf6d0a158a7d2b5036fd88d8399c116ecad0ccffb22bc84af4b
SHA512

cd7689e7398fbaa3a3ee2520b5eae444dc51d4c901c0fecfd1ecb932c7eb02f188a15adef5261d59c06da0d3a9b288a79eb0f66fb7a8947dfc867ce7542a7cd9
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGHqAlJpxIqAlJpxqYJIJDYJIJW:W7ZNLpApCZrt8PWGoPWGSe+e0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5186) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.DLL.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-REGULAR.TTF.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Invite or Link.one.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx.tmp	f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\f44d7a7cb5b852e1f9253d94dddee1d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
46KB

MD5
78e9bb30d18ac333e36e843619fd0b57

SHA1
04bc27051c2c44f4dfd189d5b4fd37688323cfb9

SHA256
84b9f7d44f0ac271de12a96926a38fc61eec5dd2991632fa56f423f2a7152f1c

SHA512
724401c452eccce54f1ffe4b981582ebbb5100e50810c81d0865ff44a00a5bb3f8399be51c41e5bda1f55cac4168d71937601e7feb387fe676ea7f3a48cc4bb2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
145KB

MD5
4ef8217f1c69a0ef0ab0f33e248c295e

SHA1
763cd3b7ae272eec89c7989da2306bb229bf681c

SHA256
c2cac5c0fe35a7975c07e8c4294075b7fffdcec61901445a67755979087bd058

SHA512
7d1b6586ccfbcddbede4617c657f47b3b1db92926417fb44b43b64dda3af307d463ec3de370caeac586235166cec2f0cd90eed1c421ef1d46ac458428e0cd002

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads