225236c1f7d9905ef737914a9dd9ef7694319860a2977c1c9fb0c067b3d3b002

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
Size

131KB
MD5

cea4fa71c6d90640968ac57cbe61aae0
SHA1

fa1dab691dde292d2736bdcbbebb0d55a1537092
SHA256

225236c1f7d9905ef737914a9dd9ef7694319860a2977c1c9fb0c067b3d3b002
SHA512

9a7d412fe934184b5d1e068e86a696441846141977d70734f3ae086437bdcd52b51087a939d486e16ea6122b5379b714c5a1f687fbb4482eb519af00d003395e
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOH:/7ZQpApUsKiXBvzwvzXJvlwJvltb7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4788) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\dt.jar.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-BR.pak.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_clienttelemetry.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebClient.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Modeler.UI.rll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationCore.resources.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cea4fa71c6d90640968ac57cbe61aae0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
132KB

MD5
6a4d11d81d302cc9d6171f5d32d677d3

SHA1
524e361ed30fb9ce8032d04272a8415ff9b1bd58

SHA256
a528140b9cd2e022e6390afbef53eac11477336ba7d0d188d9de09ec2d8c34ae

SHA512
5190445a4cd6131a0c82f6a8c9c79fdf4b566f91de0ea26aea602d301e4fa50a8e11779f0c3646dddd6ed5c252ab198d06fe8b0230ba8fb5787b68abbbfbd69e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
230KB

MD5
c274f02ed691525d6d51d7b348a867ea

SHA1
eaa3af48b17a41eca68435d331bb113919fd4cc2

SHA256
61b467c9773e777914160df141af0ab58dd26033ebbb17df830688e5d72aad59

SHA512
7573fad6e6ee2d843ab50a20b7695b52360b3bba67f759a8b8968c8441d3ab85f9b4fbe1bd4062e6344be0388de404a90b13c40f0b0e1860d175a9db07d102f9

Download Submit
memory/3432-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3432-1750-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads