97810055a816013e88fda63429a2031900ff39cc689adef2c5f530d0d11180ef

Analysis

max time kernel
150s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
Size

79KB
MD5

51f2d18a5f237cb2eab3a20b25f17c50
SHA1

eba01d225244fdaa54f5959533f0c8b0a1d3cb39
SHA256

97810055a816013e88fda63429a2031900ff39cc689adef2c5f530d0d11180ef
SHA512

1b223f624e310da2418e7e29ba95f959184351b750db0f9cf05527cd00951b15e2d367cdb28d8c9a557d1dafc8b5453884e0ecc498397743677a98e543a69f94
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7YWtMQQQ0:6e7WpMaxeb0CYJ97lEYNR7Ztg

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4141) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hu.pak.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\th.pak.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Formatters.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-pl.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp	51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\51f2d18a5f237cb2eab3a20b25f17c50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
79KB

MD5
5f62d94bc86ede46d049079872274901

SHA1
313d4c738ed0d312be1c629050c06597662cc8a3

SHA256
ea77eadf6a066ba927b9484e820751db7f658b4c4c1b748431fac06626e3ee0b

SHA512
88a9257b0e551e5a209ca2af913e2e6eff3faeb0833edf828c64a4502ecd9fa5253a8a87bf391c5bc85012c8bb9d8bcbcca921c0befde6d54a4069f55fa61700

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
178KB

MD5
4c1012a7408f311d4f726a925f235d5f

SHA1
597741e25ea4d8c433e563729c4c93a3a8e9494c

SHA256
786dd9a9274fafc066e8212b942421ab8cb295f4bfcd8e2a77954f7d5a6f5bcb

SHA512
fee1b900bec1290cd853b1bec77aaa776922bdf6e1f7f0a3ab01d64a75ade6fa381bc5ee5de5404df5d70b2cade12892c0ec80c52c39fc00b1488b9654fc48af

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads