e2c790b79b9352d62bcf04969bf28becf1e97e33510eb48c3631d2b7258656a8

General

Target

5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
Size

83KB
MD5

5a27cbbb03918761175276dd482de470
SHA1

cad1dae1e7fe494f2b6ea3da9c92d768fb8ed200
SHA256

e2c790b79b9352d62bcf04969bf28becf1e97e33510eb48c3631d2b7258656a8
SHA512

04e47d48f4e6933ca38745847bb31e3fe2de6e657fd8e3d131d6bdf690a07e4421f49ae7aae8b6167caeb968845a35a23154c19486a86e956ab4d1a952855267
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXad:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VX8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4783) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-pl.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\ReachFramework.resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Xml.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationProvider.resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-pl.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp	5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a27cbbb03918761175276dd482de470_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
83KB

MD5
6003d396799e8b6f11d438c94dffd870

SHA1
cd5fe692aa7748dbfbbb62b80bf8d1f4cb9b8e69

SHA256
15fdb0fbc4dcf7cd70359a954da4d5e5541f4450fe2681016232e03f372a1fc9

SHA512
aabc6f0e0523774f99bc0763cecc534bf3f1da6270846e1831c8dfa6fd161b4f1d823b3f8b097fb2a33c53fd70f9f31986886577c4f150e99165ab0c8a69b40e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
182KB

MD5
7be6db6bb943cc6b8bd917f68432888f

SHA1
4b1fc38571d0d7a9a019e9a30b0d277f778c2340

SHA256
61ebccbf547d7b0452ad0645f0e8960ead90dc42cfa9f13b45adb909ad3bbe97

SHA512
e9132c5110c0c8242cade002c71ce19956f793ca0ba2880074905e8f852cf4958eb14fbea51cc508e08f6439096c3e5ca011c58db87d845fe301bd0acea4c8b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads