56cc719336b43a450ffc9ef9d7180336886b03916a5a9d97c0ac64a4e98fed63

General

Target

5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
Size

81KB
MD5

5155a780a9358c297237a95cc8151b90
SHA1

d1be0ca824c24cc5608bd303f724400fbbbbd24a
SHA256

56cc719336b43a450ffc9ef9d7180336886b03916a5a9d97c0ac64a4e98fed63
SHA512

98aa37c0ee13fbf96f9968808e16951a3dd347a0604e0d52b7ec7278d83fc641dbab8fc3b4406ca055cc6281aef82f93c7f47df6d2a417920a64bb3e745ff570
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEht:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4843) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.png.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ppd.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClient.resources.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp	5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5155a780a9358c297237a95cc8151b90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
81KB

MD5
d9f22fbca8280e7c06a348002b36bc72

SHA1
2d938a3271c44d28a1dfbd0b6c1c35c8518f84d9

SHA256
20bb82caeb9f7e7eb9a9100c02434b109a86f04d43700abc34c2ea5437e52759

SHA512
7afcee0163e6eed642e55befaac2561bf6a9930ac50e95fa6d778d18885cacde322a4e7fcaf734174d3e2f0563f7a464684be176e4d7d0e7461b9522facd1705

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
940c268cdb6dde1192cd575e8747ed07

SHA1
10e9a1cbd3027fd5024313e121a000cfad20c487

SHA256
c97b0f51033518a640aec2a4bd1a815a8517f4e44e48e92189fd985b64f713d2

SHA512
9de5451d1e8ad193d0e59b0eae8476ac946617c0c952b8e97736612fc706a68f86bb22d7b5a6e07c0ef3f242aa0e09296e77501b48f08af36d48fd247257c38e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads