e5384fdddd0cf77f8f1e6872fee44c51981a112094d8616152394e5235347426

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
Size

66KB
MD5

0b55cb2095a89d0f51b9a4acb5a446a0
SHA1

d9eeedba65d5dde2be54e31889564b44b2080a8d
SHA256

e5384fdddd0cf77f8f1e6872fee44c51981a112094d8616152394e5235347426
SHA512

70f8696790171617fab5937804784e1c8511ef7fef2b416a00b3b29f802a1585369f2a01132cb43a865181cf7009ba52ceb981fcb653537975495968d2077177
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2Fnj28/8UMWMtb9IWW0DiDyrJfs6fs:W7ZDpApYbWjCDOgj28/8vhtbQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5172) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointTeamSite.ico.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning.png.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-100.png.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\misc.exe.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSF.DLL.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0b55cb2095a89d0f51b9a4acb5a446a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
67KB

MD5
d174b17f7b6e8d29e3606c49af8431d1

SHA1
9d28198f635d3bd1fb06b2d14f4f942a54dfd9b3

SHA256
db9f00fb973f873ad791fb7227c73a0f62f79acc6625ae51f8fdde356289d71c

SHA512
7758fe6a5fef56ee3cc453d006ebad75c6514496546feb5b97c0dc86a1f7645b7f48b9b0ec07747c3e4d370c3580e20c61fdb650ced1d0bbc785d3e90bc506ab

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
166KB

MD5
1711ea7218d88998db19e7027ef07804

SHA1
63fc567beadaf81334d23448f4cff5a087abfc9f

SHA256
087cb2653c2cdf9ea809e10e723addb1b0589f2ef096902239a6f58552ff9a3b

SHA512
ec284618b2f39019dc6547b02659e44b1e4a31e2e561286bfd3a29940db489f7a355b32eaaf906907dd468ab24497cb378787278db94ce9df65b1eb33fabe235

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads