fc97d1580e98daa1aa9b4a7c4a760286fdc90c3e240f4528fc85b8ef241fa765

Analysis

max time kernel
150s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
Size

65KB
MD5

5d27a0d83290d3f7924daefb731e5c50
SHA1

7f22fbd40ce991f222ac971e5889439c155a5305
SHA256

fc97d1580e98daa1aa9b4a7c4a760286fdc90c3e240f4528fc85b8ef241fa765
SHA512

58bf88e6365b865bd4c87fab3726bc9d002b06e8422f3b5095116a02c4d2beb53d52fb17fdcbcec63b113c54607cd47787c881129627dcb925fd1d857d6802f9
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVvv:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDct

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5045) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ul-oob.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ppd.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-BR.pak.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5d27a0d83290d3f7924daefb731e5c50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
65KB

MD5
76c9a5239d0a40d23923616e44b92272

SHA1
ee4f44ddb708264f9eae4b79e33fa2f0c9882696

SHA256
20975ae720107b371f93568f062c0347dfe83082d69701b5c205b5e0a0f04a1a

SHA512
6f8b5fb46307b8e55d71f86023464064f54530d8700c364735ddd850128c59f86260c9e8c18f49e9599d2d23f9e690d783b99793e7363c125f0a189f6b81e6a4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
164KB

MD5
220b627c2bd940b2b3c64380883eaea4

SHA1
12ca7d4ea817cf90712f5b2505a06829037f9bae

SHA256
1d2bf8f62359dd24ebfd2a13d013267dc6bfec10ae5e002a8b41b78b54e73351

SHA512
013b81a7b2a03ffdfdb159d7ef03ff3a0dce37ad58905a20b30c9a0294a04e5f0b6fd41e3b46f983945aa60a9c3014487f1f50da38fe5b2ade2b54aa893cb3f1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads