7c0f17be2e32e1bcad970b650071a3f0cc0061b80086def5bb8dd89ba5946428

General

Target

02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
Size

88KB
MD5

02ff5b3aad1eab842a20a6ad6cf9a6f0
SHA1

eeaac7922b058476bea89a87bc0af509423a49e1
SHA256

7c0f17be2e32e1bcad970b650071a3f0cc0061b80086def5bb8dd89ba5946428
SHA512

10e374878c6be4649721e6d64f3c975abebaad294c52f76c7aa1b75acb3d308a10d477e30bda2187ddc041a03eca7c454e5be666123814dd5fe0dd8d90ecb0af
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXausaLsab:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5041) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ul-oob.xrm-ms.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationFramework.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClient.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordcnv.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ppd.xrm-ms.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\manifest.xml.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\FileSystemMetadata.xml.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages.png.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\02ff5b3aad1eab842a20a6ad6cf9a6f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
88KB

MD5
e7d1e99f690c94f5b747f0efd86a7985

SHA1
d8deaee046b493e15fec7372b540cf6247ba90d2

SHA256
f26c308d194bdd7888a28e39a4a7668505181ea05705e893faab66225a0ea868

SHA512
a05652a26c17efa32f991668c182d3e10c3b25452352f21ebd83b4725f6016de09c9d122d4f7f77b3c7460a28658c5c070b03e0308a09ba3b8becd5354925b1f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
187KB

MD5
c6ed33bc1f4ba77ca111ea35a055a7bb

SHA1
5e1469cfdfc0000e0f389d7a618ad0f94b536d6a

SHA256
25c24fb29083ccf8087a940fbee2c367dd1b199a6baa8a2396ad3d2c518121f5

SHA512
c60ac5bdcc61e023452e262778ed7736ce6aa09a7f28176ca99d9d73d2999e75b6e28ab17f60c8d4e76643239992d3c71ffd2864545270b4976259d5115b5259

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads