fd8e45ce23ea01f298a8f993b4d3a7391e73ec34a5606af6e16edc95fb9460a5

Analysis

max time kernel
149s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
Size

82KB
MD5

a618b78deafd16f5cfb4c574994fdc10
SHA1

1ac25f64a6319b488c330b530d78e290c6e9e628
SHA256

fd8e45ce23ea01f298a8f993b4d3a7391e73ec34a5606af6e16edc95fb9460a5
SHA512

d8028521230f2351409861239a3908419cfad643e3cf55f545eca609dadff912e28618efe544560d9f6c7c86245ac415999b39a9971c65d084187fad4d7aeb07
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lD3q5qB:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDaM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5202) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.png.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.png.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ppd.xrm-ms.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.White.png.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a618b78deafd16f5cfb4c574994fdc10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
82KB

MD5
12280ab074bfc30d433f511d7e905898

SHA1
b34492eb17586fe2f7ca9b273b29f2efaaaeb7ad

SHA256
38c91351d9ab4d636ddce45412e73491ae92cf4a021a056babe2743dde4d3b2a

SHA512
4bc2ea29a374558a7776accaf2bfeb1f01b09b10eadf311e62d4c5da9b5a5dd705a584df23de3cc08949fb29542a4937cc4cc255d3d156472eda09d128c0a52e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
55ad67f63d67425d08ae534dbae54e49

SHA1
f39a2268374a7d61f44edf8b3de89d8c2a794e93

SHA256
3a30b7d5fd0a6886137e95893375ad46c03005e513015fd21008f4424447c6f9

SHA512
a2096b725331f54f995234ccd1013cf3ec6b9d03d91715f56a2a22c0b99adc887464bb7ec4f1209ba6080e4401d15e96e7540b41ab53253ac671184595e41fe7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads