25ca2060fad4d74b30f7d192dc1588774d033e3b4af460bc3fccb13d150d2fe6

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
Size

85KB
MD5

8f56dc824a0d5596082cec4c1827caf0
SHA1

1b0d9e39c64b4190e8cc480cb75c3e6e4a099059
SHA256

25ca2060fad4d74b30f7d192dc1588774d033e3b4af460bc3fccb13d150d2fe6
SHA512

4da3a6efd81b078a455356e3f61a5b789a8177f0b416cae440e039fde6090a0ac34845c5a027d0d192fad4f920c5f084b89387ef128436337f82be3efc29138e
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPqm:6rWpcOPxPke+e3fFpsJOfFpsJbgEJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5141) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationFramework.resources.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Design.resources.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WebView2Loader.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7es.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\SLINTL.DLL.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenote.x-none.msi.16.x-none.tree.dat.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ktab.exe.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\BlockSend.xhtml.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8f56dc824a0d5596082cec4c1827caf0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
85KB

MD5
c735431a44dbecd25702f09cb1af2eff

SHA1
6909ebfa7dc64608ee18697b95733b29ea198c4a

SHA256
369a95736565c07b373b61969339b3a1db79fdb31a716736426fbfcc94e61d21

SHA512
7bc97f432bee27fa55e900793e40dfcf3bb55216e789a21dddef6d33cf950f6ded483fb3222e109925b6a531bc28376a37916b2549da4391fa068e8d181fb245

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
184KB

MD5
b4568ceb86412a66c3de7c7935e1ad90

SHA1
694c88d2d241efffba2b371ceeabb257a6395727

SHA256
9c2b504f1647750b3bf994ae53708f19f31e20c050db9b706d36b00356ef13ec

SHA512
b5a6ed1d1816dff58689ad6f5326bfd483ccc3c5a59a9581412b381a73f29ff600082a0ed7eda006ba8bf508d23a6a7aca088f6ddb6120e176e58bd4df44614e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads