0077ee19c3a8381bd4d683f925b88ddb21ae1b8a9760476eefa3f2433705affa

Analysis

max time kernel
150s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
Size

133KB
MD5

c585e507d049f51745e42cdf371372c0
SHA1

6a54016256a92c2bfd7ff5bbaf3724c573511cdc
SHA256

0077ee19c3a8381bd4d683f925b88ddb21ae1b8a9760476eefa3f2433705affa
SHA512

8c17463eb0de9f9ae6898bf344154e4cc99d88e92773ef760f77da2d3ec81637f4e423e2822424df5e69ae75dbff81ceb74ad36a73c9b4e8ddf2ca567b6856bb
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5cfYf1BP:/7ZQpApUsKiX26f

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4771) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\INTLDATE.DLL.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es-419.pak.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXC.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL086.XML.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\mlib_image.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp	c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c585e507d049f51745e42cdf371372c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
133KB

MD5
54cdf6703c091f3c2fe40697d5598b0d

SHA1
94020a8c286980e8e15a5e454d927bbe4feecb2a

SHA256
7616516c14d0f992a1638ddf48876660c72c6c4f0c73dbd5f45ab4868c4246df

SHA512
b1e72d4599ad5641ec390d57e22948f63ef8c238d333021f64884e8288996ca7084dff16a3ab09cb30ed330f5220b4614ea6e377d4585de2d221990d416c1f7f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
232KB

MD5
e88f56454d3c2f82d29fdd5e86484af6

SHA1
87e0b017b0c303a16400e40c063ed3443dadda3a

SHA256
fb2dcdea6a8db8364cd9cc67a87740ce3cd824e5c040ffa1a1a62386da08a2ce

SHA512
ba7ba3755fa88248fec66e77963fa61e735a278fac9f5e0cdfd50b1a1bdb06a6ec3abb673cd1069214f3f9a37d614ece3035af46f69d3ea11a0f82a9722643e1

Download Submit
memory/1692-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1692-1784-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads