41b6ae0e914db0253be9094d56206e9db569bcc15077eec638f30ac84eaf6ad0

General

Target

7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
Size

46KB
MD5

7b39892f9d2b3a1f6e8c0369d2a5bff0
SHA1

0d33997e619df3ab79b613da1e1d1c169baae958
SHA256

41b6ae0e914db0253be9094d56206e9db569bcc15077eec638f30ac84eaf6ad0
SHA512

467ab6c757cef5b9957fb3dd692f0573c685b4a47cfd570a4e71fe7bfda88c2c9d3949a937b0a26a7b910985cf0fff9d344b312ffec95cc4f4ec8424406b1e10
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsH:W7ZNLpApCZrt8PWGoPWGg

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5309) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.tree.dat.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLL.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsBase.resources.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-heap-l1-1-0.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\Pitchbook.potx.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClient.resources.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL115.XML.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.LEX.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AirSpace.Etw.man.tmp	7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7b39892f9d2b3a1f6e8c0369d2a5bff0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
46KB

MD5
350bfe20a5ac23a04ae53685f975d1b6

SHA1
71145b7841e0743eb0b4bb31794f3cc03ee09733

SHA256
18d59dc9f61b5a562285002f972980bdb37d246fc0e655695303984e0b5a947a

SHA512
747cf38c34854ac4fda84dacb0ad42e0abf4d6d2fd47b8d053629303a612362db273adbe77c3c1ac9b5870678fc64030f452d5e9c95a74ce0bda3ef1237dc9cf

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
145KB

MD5
2e3c18d0d5d2ca1d321b2ff70c2066ef

SHA1
66a9c406cb1b0dad7412572bd666eaebd3e92232

SHA256
5f809e74e09f1f0f67c68993e22fedacc72351f05d5fc62a444ba743227b46a2

SHA512
11561f2c546e6e96693f2274b82227f436dbf0919457c969b9e066f84d7978100a460ee8d330c74625d6d537baf76723975b5bfa6d5d71dd634feb9bab1be709

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads