9dc7bbef3a25aba83f3d701ffa222f808d333534e997f1f132f40a3c73645d06

Analysis

max time kernel
149s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
Size

86KB
MD5

b5adf01eb24141dc88df33590bc34b60
SHA1

f1f3fc2f92a793ab1cea610b4336b5f8e90ab9b5
SHA256

9dc7bbef3a25aba83f3d701ffa222f808d333534e997f1f132f40a3c73645d06
SHA512

5b5c135cd2596e6c297815192d96c267663463689e8cd5164c9a409b83e987c4f69d8d1c64b045ea47194693134a22ad059d91846550f2334565aec1653b46b8
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNo:6rWpcOPxPke+e3fFpsJOfFpsJbgE+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4845) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-oob.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.resources.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-100.png.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b5adf01eb24141dc88df33590bc34b60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
87KB

MD5
cfaa4f27a7e845d4d7bac52d5d9b6353

SHA1
632c46c8c83702e13f11a8b295454824acd7540f

SHA256
460fecf87b1c58805ac50a3534418a38bd104ccc971738f8a3c7c9ece53ec1f7

SHA512
1101ae87e3f3b1559e899d641d6d5981953dcea818635de506ed9f9c1a168b6d25838acf31bf9ab7374ac5dc5efd2f9aaa953eeb1487d38e96aa93d97d2dd074

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
185KB

MD5
e6f23136438f2218c648df6800866176

SHA1
e5bb494e6c0480f53c4bab7dd9fe5f6f93c43a0d

SHA256
3940acc07976f58c81ad565758123cbce6a0181be60188983a499d64aab5dc2f

SHA512
18eca12b6a35de7a988c4691f66277da09e1088268b2c0e3032744acda82c2c5d04bfa1a4188d229e178dc6b41cd5fb3591e0ec6f7235a6297b2af3b5afe496b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads