e0c0aa86e04126fc3e5530cb71ee3cc42841a8e0016cd55222eb51c4dd307b6e

General

Target

6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
Size

82KB
MD5

6c7fe2ce8ca9a40c1a939aafb59eee70
SHA1

c97b70e617a2bc1c403a1b15150da8e075cfda39
SHA256

e0c0aa86e04126fc3e5530cb71ee3cc42841a8e0016cd55222eb51c4dd307b6e
SHA512

fbbee1b014d0b7e570b937d42528f3ff12b9440fae0d99980722f5f4592bcbb96189f40e9d9a7fc60addf4fb01ad1683df623922897d2762a339eb2905b92178
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaq:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4651) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ul-oob.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ul-oob.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ppd.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-pl.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libEGL.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsFormsIntegration.resources.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6c7fe2ce8ca9a40c1a939aafb59eee70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
83KB

MD5
7a6fdc792fed0cb7002a257971586b62

SHA1
262b56b3e8e0e9e7a69657c597f61fd930a71126

SHA256
6d3a4b20815dadc25c12d487311dfada13ca21f1a32250e78bfcbaf015c8ca01

SHA512
f334289dd2e26a6ae3732ae70436fe0e2f8cc1b2ba5ff120e2f5f2b847a5149973f2cd81e955435c8792404bb2929ded3768d12283d1152bf80e9e0703efc59e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
c13357df5b0b1c697327560ef0cee17f

SHA1
67b4a6c280d7a053dae74ab7643c3a7c37f1cd61

SHA256
96073d25afae870680d6ba6cf5fcc3ae88162eb8c6d865187f47e6d5b843e242

SHA512
0ca0354c5d9963673fd0cd1bf1743739ba02698736b9ee29dc9782ddb06660b9061566ab02bed18599922e5764bf043356ba51b5c4516da2c30124f574f73e84

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads