e339b98e177687f76faf5774e44ba7dc0730974678663e128d56190f40032805

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
Size

114KB
MD5

2a41526fb96b610c2c17d86e21f70550
SHA1

bd22ed704848fbd774e8daa8794eb716d92777f4
SHA256

e339b98e177687f76faf5774e44ba7dc0730974678663e128d56190f40032805
SHA512

4667f076f12554e2a6c4fafcfe5297fd2f6388a6c0cd330ac8e2eafbc7f78b920420fefc3545e9e7985b4b565c90a71c19e08058b9dd8122249e5fddee380578
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVze:RqlIyFESWu0SWuGSi

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4822) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PDFREFLOW.EXE.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul-oob.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TraceSource.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2a41526fb96b610c2c17d86e21f70550_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
114KB

MD5
264895371b904151a8d8ee59a9f33e53

SHA1
49b9037da2da594f5eaa1b2ee3e1c15b0d1b0132

SHA256
e25a9d75861f044a60be318d6f55550c3a7d41aa6025a22d8ce53e62c8db0156

SHA512
b63ff5af37ed33f8058c2e67ef198f40fa6b444184a98cb08ebd60d06ead29ef66537c5d9a255cb8f87aec80c9fccd6e3b92d7e2183b397bb6c2a2cdea30a347

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
213KB

MD5
6e527c03f535bc77379df642a9df6f93

SHA1
eec62ff6d1af225d814172a80f25493d8b4fbfc5

SHA256
a9c13fe1384ab774fa72c1027b7c333e07239eeacb9db0c79cc919fcf9d3dd1a

SHA512
c7f83a3b5d67a4f0135e97bf97249f19660f89ab647df2310edf90211a9e0e77c57d0a11f92993433aa842e0063f08e20be323c66ba9410cd755c9362f3e99a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads