5acb5576a45224cc49df865b99989f493a91cade648fba4316182e570c536523

General

Target

9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
Size

85KB
MD5

9458c5ad72caeedc6f2f11344a3b9930
SHA1

8651a6cc171b596e6c30f06b5bd8c9b6ca00e2d4
SHA256

5acb5576a45224cc49df865b99989f493a91cade648fba4316182e570c536523
SHA512

1f252e7c4e75cc9218c8121c542c96ecc84953755afb0059a76e175ae46ff39cf36c3dadacbb009a400f1e7ae216e7cc0ffb1a89e172036249f4d4d3653503f3
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSQ:6e7WpP9oVLQthbYY9oVLQthbUvr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5204) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.Client.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.White.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClientSideProviders.resources.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_100_percent.pak.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ul-oob.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.RegularExpressions.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe.tmp	9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9458c5ad72caeedc6f2f11344a3b9930_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1760

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
85KB

MD5
ac80ee45567b3a293c3308b79de8c1ee

SHA1
5d8370611478d150f9367f471228035ce18429e6

SHA256
de92275e89e10e26903ca94688b993d68a964e730b129fe1bfd543f51d14fd86

SHA512
bc64963d8d820bf7b51e3ff019bfca1ef5b654f35a5aeaf69570b442a5c227a913636aed31479c4fa0b12630dce1a3045fd4f8ebac9e27a7a7e9af3d4df16ee1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
184KB

MD5
b0a50a616d37b7edb92184917a8b5d30

SHA1
ae2118525d2a6507f6137021457bd7a92bdd730e

SHA256
a8367f74d8386157d53d1ce2811a64a26496c5ac142e111ea4497c296ca53059

SHA512
c4e5349f51a7035c0935336be539106195d8cdb660a241d02189a3f74705fd01f8d9ce467bc208e70135e064ba1c76c7018cfb29a0c14bd6b16990bd29f9045a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads