f64c67f533f6964b0475083de76d9ae38d17cb0d6a7757fce97994053747559a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 19:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
Size

79KB
MD5

242e62777bd71459948726f28d96f7c0
SHA1

51f6b2563098ebb1d013b8fc334aad7b9c116aa2
SHA256

f64c67f533f6964b0475083de76d9ae38d17cb0d6a7757fce97994053747559a
SHA512

51b78a57fb31d3b6046b99b42b002221887c112e1203f42447eda4440b97582763aa82c17a91ba6d80c45a0ef0caa073c91635574c314f2f4476e52a96e39387
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhn:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5117) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\ConvertFromTrace.mp3.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxbgt.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-BR.pak.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ppd.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIANEXT.DLL.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.LEX.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp	242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\242e62777bd71459948726f28d96f7c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
80KB

MD5
4b097efdaecfb13cce6e4d158beea724

SHA1
9935865aa38becab9aeb48b2037281ab2cd54a3e

SHA256
e0c25f0e51a89bfcbcaa047ab18efe9c49e75721b58d284b7ba7a2571d02986a

SHA512
bf0c8eb8c5d37659ff8ee4719bf5498ed2511d7ec6aa2f2b95718d7609723879e347ecb77d8ea87ecc28e8ff7fff31644111c49bdc6e9c647492751e51e4c1bb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
3cc453c4f12e3757bc706e595e162035

SHA1
8f58116db18df25a5ae95eb0a40397ed3e0af861

SHA256
d7d4e9dea5e46b6f31195e3996c8876f953a852dfbc9822d04e86b654856f8e6

SHA512
f3275735c704d99085e46d6b1881d29e81adbdaefd9cd5867abc3d54ce2e2fd7098a33ad5e825c70da2666c8d1bed599fc16811d5ff1465448f1aebf3dfd8417

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads