6df31a2aa901fbf7c9f585cae48f7f8687b997b81bae6940151d48071cc96bb9

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
Size

94KB
MD5

61caafe81ba97b631168c28cfc554640
SHA1

56357636a142143211af066737fed925194bfad4
SHA256

6df31a2aa901fbf7c9f585cae48f7f8687b997b81bae6940151d48071cc96bb9
SHA512

8007c29fa1b56b57edadb61e0ef227d1b47544878c8c600598874900e7f6c2b28268c4accbd44d2c6afb4715f12e93e20a3e6f828b90966d527aed3f3b43406c
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN5Bpyo:6rWpcOPxPke+e3fFpsJOfFpsJbgEXyo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5008) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL115.XML.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsBase.resources.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.LEX.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClient.resources.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp	61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\61caafe81ba97b631168c28cfc554640_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
94KB

MD5
02ced6cce8721bc95aba4dd8d519637d

SHA1
f78511deda83c3dc53e1004717214ff13d415141

SHA256
cee234e8aa7948c6c9b1e0d9f6326dce5e3b99a7fdcc6f640a63acdba74a6476

SHA512
2d42005cb0c51a39ac5f22686c3f868e12bf7b1f8d9eaf5eea9774c115a52ed9a10b93c5423a4ecebb9b7bb3d24c52aa130921a9058d9145eb15c85d22b162a3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
193KB

MD5
c8d26ea403ea232cced4a3921869e4f4

SHA1
01621caca49b5522abae19eeb3cfc4b115d1774e

SHA256
d5c740ca7d6fbbf3ed97d5e299cd4aea0b0f2610c7030c3ce524d03c3ec1536f

SHA512
64568fe15030e9b79b6c03fc0368d96626010af43af38a315877f6ea67139bc0904c6afb7f31b64d35ebae4ff7d8c94ce87f6a57cda13ac7a1ba620a0d84d753

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads