501d6dc5cdf65330b9f49dd3fedfc640c3e18f96ce64f87e2a521ab87726cbba

General

Target

92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
Size

46KB
MD5

92615d2c23cf56d5662225c5ad6af890
SHA1

c9001a45abfe942a06d2bcac547db8477fb12b86
SHA256

501d6dc5cdf65330b9f49dd3fedfc640c3e18f96ce64f87e2a521ab87726cbba
SHA512

10aeaa9d90fc9c815c8addd9e314ce70b4eecfeabb85317503476270524b1579b20d3242a95c817920d665021bc965f9b3e26a11e29633f276feb2738fe01e23
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNmG:W7BlpppARFbhWJQix

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5270) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\vcruntime140_cor3.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.boot.tree.dat.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationProvider.resources.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\wordEtw.man.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Controls.Ribbon.resources.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.Forms.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\92615d2c23cf56d5662225c5ad6af890_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
46KB

MD5
467bdcb0daa64641471f6d3a1eae8474

SHA1
4275c3d5facfd18e26e66075fa5a67413dd19a57

SHA256
8a404cd33bafc740f1f3533b5a4a7ed88470a973550648b9ec90b6dff7392af6

SHA512
981fcd9ef5f9b28aa17b239cdd532c348019b52a6ceb827b89cb1e393de7650cc946e3e716be98e02c19e33aa9a34fa4011f4143d3c9a0ba145d2011344d2ed5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
145KB

MD5
591698128295cf3ff4d8e5b0d45e2ecd

SHA1
268713f40e12e6c047b7ba1b934517dd11500cac

SHA256
94a371f0b5d9f71090403a889e1d0998562d396fafe7c5ab411f3d3d3c89b2e5

SHA512
ad0a4b76be81dec3500d990cca240d8971cdad4bf7b09396763b0976c60f45fd050a3b6876142e920bc2aa913b37dae4ec939d6484c06bd3a172b2c7f0046fb4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads