c66334c779358da27514e3676d8c717d21890c702ce5999c8ce3e09ec0d1929b

General

Target

3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
Size

85KB
MD5

3c47aa08460ff1d38cfd3f725c990550
SHA1

53cb32492c45751da09be028e302b8b8d3d03401
SHA256

c66334c779358da27514e3676d8c717d21890c702ce5999c8ce3e09ec0d1929b
SHA512

dda79e53bf4d5894dbb7bef2db8ac8170e1fc938d2d55f8e88c60f1403a1cc8e5506ebc2e8b955a9ea44cc84818380e82f64b3ed4458ea1e3de83b970d6e55f8
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKPaL:69WpQE0zaaL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5047) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7es.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL110.XML.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\te.pak.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationFramework.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.PowerBI.AdomdClient.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\COIN.WAV.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c47aa08460ff1d38cfd3f725c990550_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:8

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
85KB

MD5
366274a2693214a742d55ca5d4f347bd

SHA1
f649224f2d442dc354e9cd176b81f63430a59e91

SHA256
6513c8a48f90d2504c54cc58e4e9f020662a16bacb3a16c5bf190ad3eb0c8942

SHA512
bcd09400c9bb02d7ee5e3a761875d2da8a2bcf208144f8b3cc300dc4e296756906538c22fefdc5347e9a7ff7a87f1ff51fcf7bf1a03159b58d1d213da3a1eb3c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
184KB

MD5
c0e9c20802f0a0667bad74ba374ee6ef

SHA1
7389e40ba7e150509ccd8e8189dc92d59b0dcce4

SHA256
3af77c41b215fa280790bf769b889b4d64c86e9874837acd5a8809002288f1b5

SHA512
dbcad7aa3c8e7af0964d971855b514e5157d157753d25d759be287f7522a5dec06e0caa7118ebcbf6f13b8d034f0c8fa7173109629ccc470c08ab8b8515796b3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads