a7af1dd21059b587a6c9374eec9f62fd2790123b3a4801a918575ea077a803f4

General

Target

93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
Size

48KB
MD5

93a26fbd7f4d45de8470a0abaa76c6f0
SHA1

8c41b746e92edacd8cdea91903af15701933bc99
SHA256

a7af1dd21059b587a6c9374eec9f62fd2790123b3a4801a918575ea077a803f4
SHA512

a194d18e76e1222901c2f2970d37daaa370fb9b09816cb7b354043e86b0f037183240fb7cc81079bd992c99ae27921167d5253c48762bda91e1c16fc81080219
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbN92JQuB2JQuk:W7BlpppARFbhWJQiSJQ9JQh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\msipc.dll.mui.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.EventBasedAsync.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\EssentialLetter.dotx.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fr.pak.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\mojo_core.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.stats.json.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.dll.tmp	93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp
Filesize
48KB

MD5
2e5837763414382f7e0a7f6fd81ea8c8

SHA1
085ade6c55cc3c17590c4d15fb332bde2f5904cd

SHA256
d9b6b01c8efe45b731a779a477f0c6ec8ab7c03c47459dac2736c9a57755b887

SHA512
bdb9ba97513bfbf9ecc41cab107162dff85aa1b67a5b0c48d3a46c9390402501a3928fd05bb8bbc210a6e8d781293e16903f18f9072188e5a49146a697f481f9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
147KB

MD5
641b2d6b45a91757a6745d9f93ce404c

SHA1
42ec11b0ac135bce6a6eff9fc066fb35f7e85a81

SHA256
1ce7c9b13f3469f7f767de41748178294d340938c9674d958108c2fa95db0ffe

SHA512
53cf953dbeae677f1cd7bf30af3d7b811cbf1aefde9fde18db45e373bd1ddfcb3a5d46c7c617b386079193ccf69d14d2d28c1dcf755fc56383877b227a0bcc34

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads