5e976a6bfb99d4e4a0c27a34c079085cdb87b378840dcff1bd00d0fd1980faf3

Analysis

max time kernel
150s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
Size

112KB
MD5

157840f94fb0e3918ed7df714b4c4ec0
SHA1

ef0ecdb85ac9cb36f1d6ee9c5821ddf95f97cae8
SHA256

5e976a6bfb99d4e4a0c27a34c079085cdb87b378840dcff1bd00d0fd1980faf3
SHA512

f9efaebb3ec326596dca40729442b41515bd90b81f541112a4a9fd0109c6dc222d66f3662ae7abd122d5c492c80198bad6f2cce30a64a776a25d016c7a8fc7fe
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzS:RqlIyFESWu0SWuGSm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4856) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL089.XML.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN086.XML.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoBeta.png.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f7\FA000000007.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN075.XML.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBPROXY.DLL.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8ES.LEX.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp	157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\157840f94fb0e3918ed7df714b4c4ec0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3940,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
1⤵
PID:228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
113KB

MD5
37d5b6b38d713f9a5707ff4ee04c9277

SHA1
423efa361c579699a5f4dc7f0ae48a162845aaac

SHA256
da6e3ed0a8b39e45f2f138a2dfb83b8f5513fd92567f509c77fdc11e84d167a6

SHA512
29d16fb5aa95206b4eede93b3f5a2cb784685269371791f37c6eaaac34fe9a8cb93f21a48206a5b4c5e6796d76b48a47f3dcc2894db92901e282613102a292e9

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
225KB

MD5
a0f781eb46596485175f9d8be86e0617

SHA1
ac5b91eeeda0d3b6aba23d89c4009afd20793873

SHA256
34a0246d025d746be1c448bc3381252e189fbcc96ac61cce811eaff4010ab42b

SHA512
398453d56a659129e6c696f4d38a86197859cbf350f43588002394b9356a3063b8f0fa4597153c2fe52c153c290a75cc7820ae850cbdf2cb3fa45a60592593e7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads