350ec63b88918b543e9c41dd70624c825734082d43d7f375f4309c7af9ba04d9

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
Size

128KB
MD5

cec4354c159565bc85ce5f757badfac0
SHA1

1ad518be3007b86e41e98792aa2c07ded50abb9e
SHA256

350ec63b88918b543e9c41dd70624c825734082d43d7f375f4309c7af9ba04d9
SHA512

22463483b764d9117fbf5eca7bc0de9783684d1550ebed8a2d05ac9c401f3fef9b01127f4bcc468032fc3cfd2d0a74d9178b119f3522f2b98f7b4fa2cfd02fb2
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzf:RqlIyFESWu0SWuGSiUT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4831) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.Lightweight.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.dll.sig.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL103.XML.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN110.XML.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN020.XML.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp	cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cec4354c159565bc85ce5f757badfac0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
128KB

MD5
21b0f28fd53b30c0a3f326b530ad20dd

SHA1
3c417d2a89d6ab450937f30185cdf1e34eee8ccb

SHA256
099a1b201632a75b141b80262ee66aef931d42790a8203d7d9d3968b3c78a183

SHA512
b027f2808d5eb23865fc46da97376c95402379358f832ac565ea0de408f971020f89fa662784405c3277ee7a7bd0681572af41e127dcd7a0233f31c95ce8ccfb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
227KB

MD5
5a1c354e86f4059bc26944bc619c07a3

SHA1
a9ce5ea3b916475f405c7f641021799cddfc6e6e

SHA256
1a586278d3c50e0c30b12365ed154486f3068aa09757fbf292caafbbf344ab13

SHA512
bfe89ce6f3f08ef26fe1383185e8fe6c4077d638131be40e29f899d99ee7a5dfb77c67497b2cbe33cb66280090d9a3661eeccd1e33ceb91d69f3f6a73c51520b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads