e5d4e30dfc8e34a44421980697cf7eb3b4d9b331e8059dc7257d54e1276f136d

General

Target

7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
Size

78KB
MD5

7408e0212d74a7ac89cf3b56c12e2fe0
SHA1

9948ccb4dca3a2423072e012301c5feed67e2310
SHA256

e5d4e30dfc8e34a44421980697cf7eb3b4d9b331e8059dc7257d54e1276f136d
SHA512

9b3072f55857c8a11fc6801eba8727cbfdbfab76b436a48650b708f516cd1d9a664392e545c8956a5973dc0251ca52bd2269315a769ec90125699364570785ff
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/2vj:6e7WpMaxeb0CYJ97lEYNR73e+eKZ6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5190) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.OLE.Interop.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN026.XML.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\th.pak.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.tree.dat.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Design.resources.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xsl.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\SLINTL.DLL.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sl.pak.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-CN.pak.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\af.pak.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxl.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-pl.xrm-ms.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ul-oob.xrm-ms.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\msipc.dll.mui.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.GrayF.png.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.boot.tree.dat.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7408e0212d74a7ac89cf3b56c12e2fe0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
79KB

MD5
a501e368c48e99ddd363d04c7fac36cb

SHA1
c36819cefd3bc9cd760e8cdfd0e44ef690657d7d

SHA256
3130e2d85f39dd31205448780d900e66e68a5a3a91be4263a67c3c00e36321fa

SHA512
a2c7417c06cd4da0698e1a4aa85a5401e05550009ad982855e8df7c3b6e4a106e355a2d05a1dbb546cbdd5f9f0a30ce5280e29c1827eeec78ce84402d20b26f9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
177KB

MD5
effa10d685e44d48e3dd288e3bb1562f

SHA1
b4afbc3e758ded9c443d615e0a7bae69af6ae2a0

SHA256
7b3f5a88a92e7c2e51a94f05c5625adf99ae6275c2b3d0c829ea0f00081f890a

SHA512
353c6ea5db83ec53ad0709b9e481aa13bc7946cf8b6d58e7caf0da50eb2e15857e09c62197c1280303f30c47101aedc675954775794c6d04a8ed42e8c60f5cea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads