46266841b83e4647cc759171b0eb9457c2ee0090dff4a2e6eda09a66c051eae1

General

Target

4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
Size

44KB
MD5

4380e094c3aa3dcd002e0ca70eda6300
SHA1

25aafd4d9126962fe739425f3c16fd234bf299b6
SHA256

46266841b83e4647cc759171b0eb9457c2ee0090dff4a2e6eda09a66c051eae1
SHA512

ac0e1c8bc8df12d4dff301ac0686580c8e8f95aa31e47cb0dc75ec74bbec1ebdcb7a7390e938608405776e95cf3d3882405cee77b310f00036bfc873edfb5537
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGDr+8/8P:W7ZNLpApCZrt8PWGoPWGDr+8/8P

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5186) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ppd.xrm-ms.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ReachFramework.resources.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.NonGeneric.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\110.0.5481.104.manifest.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.tree.dat.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sv.pak.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jmc.txt.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4380e094c3aa3dcd002e0ca70eda6300_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
45KB

MD5
811838d3a9c7a51ac38d3a14c8ca62b6

SHA1
d31f77a8558426e3460a5fe68fb88c557390f13b

SHA256
489fdf7e215477a1c1562396915d8a0d9cf3892c5f25a10d86512fcb26bbf92e

SHA512
494e048ba35944a2dbe2469f1534664b6ad4a70d2f6a810a9cbddbc4c49a6795ceca4c912934ba7dbf17a66fa130074c9615d6021627e05dfb49b06f9498d6bf

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
144KB

MD5
a317330af7cfa7aa4489731da9c3f4c4

SHA1
6fc4ec0391ab2dedc49447ee185f7708252c0613

SHA256
093602d97a2ec9d7ae810473ba8632a1a160f2f8cd8b673b94187a96f16421e6

SHA512
92fb7e199a4f0e560ba5301b79b6b05ae4b42322ba121aed5f0b5c353d556a7392930e454239926e8c1caa9ca264395ef5a6f95beebd91e112ca9eb2fd140ca2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads