54f87e2b196096def7330d99cf5a190a86b6324e926b9d3b509b1e4a3643baed

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
Size

127KB
MD5

1e263ec125c02e6a283521b98e88abe0
SHA1

c48b8962372b8ecf522c6cff058ce68276c457a5
SHA256

54f87e2b196096def7330d99cf5a190a86b6324e926b9d3b509b1e4a3643baed
SHA512

6348cbe5528889c6a495a0a17c428f719395cbce01de465d0bb51f97e42f7bca142f02aba44600f3a8f182d26841ca83081e4bf5d3f257af2900f6c6ee8fa766
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz3:RqlIyFESWu0SWuGSb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4655) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.exe.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClientSideProviders.resources.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-pl.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.DiagnosticSource.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ul-oob.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1e263ec125c02e6a283521b98e88abe0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
127KB

MD5
31961a8e045636690e4567c8b3f33fb4

SHA1
a890e19b8f2dc050a71ba6f2c72f53fe6ad413f5

SHA256
3c441949008a9dc065117c1794e472a65bade73c0175d418f3211cb19ff57050

SHA512
d5804e01666e22733f289d5e4c954a29a9098be655ecfb009583e66c2550b9c02492efb63ed667de693746c29060e963956d3d51b87156dc998fb33e72b4b174

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
226KB

MD5
1ce09edc83ce785b66e9a2f3f16eac2a

SHA1
334fc0df16b84b40ec27d92d84f831cca5dd7b57

SHA256
e942f2b87f13ded4ea92b98bdcb93b1270a6c9e81926779166b0c5d935c7a0d9

SHA512
9be75ef8ec680e3a44c19c7c6c8e8cc1defc8bf17725fa9f8cb7e962cf1ba18955144e5a5bc4e2663e8c089c70c65b5ae69da94cdd7944315da878624bd71af9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads