cb9cca343eac805bc2fd4f063850bf5c92c908cb542917de3978849d0b39e432

General

Target

9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
Size

93KB
MD5

9289fd99f70be68574d1c49db1797280
SHA1

6336ad37d3a8785b7ffcd099387c64aea66689f5
SHA256

cb9cca343eac805bc2fd4f063850bf5c92c908cb542917de3978849d0b39e432
SHA512

f27795a4c00eea14d1917ae2d75e919b523c47ec73e32b6176aa524ac7b618516e418cf5e10cae68c10cec4e6593555be9689136a6df3c4089acfd53f0711e3d
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNf1F:6rWpcOPxPke+e3fFpsJOfFpsJbgEx

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4841) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ppd.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.SystemEvents.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\msipc.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\msipc.dll.mui.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLTS.DAT.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.tmp	9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp
Filesize
93KB

MD5
b9f9fd3697d47c7295a9efa152113d8e

SHA1
d9404bbdc7b9dea6c2ebafb88d917220c5e0af54

SHA256
0914371e6270eded0af61d6cbbd3a4de01a0f87ca65b4367c90a87bbaf7549f5

SHA512
873d4b203e477f477aa4e8cd3f867b711d0d42dfd738ff16070249c2bf8987b7d2edc28c100a3460de7e900a54f751d1f3e8630bf959cacac66ba3d2fbfa4154

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
192KB

MD5
c326f1c876edb209455481da8ce19791

SHA1
f64b75f6c03f1cc9d1409cdf90ff9cc8a5abcdc8

SHA256
07db30b2446b80155f45b5c935f1164004c201e8c6deb2d1aaef2557196fc548

SHA512
b3a318425911b92a55fdb760b1f3d2a1a8dc475ac6b558735f747ac223990a50022a201b66abffcfd212de42eb053421d0764438b81ef20e7ecb59eb2d2a9cd0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads