114536994bc9304051b68307a6b8fc2a713e596624285a8c8929cfc3d7a99ca0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
Size

116KB
MD5

e06afecec357d53e204007ff0049edf0
SHA1

ab7be72b83d52fdfb57faff1c5022db391b158bf
SHA256

114536994bc9304051b68307a6b8fc2a713e596624285a8c8929cfc3d7a99ca0
SHA512

a65d71157e3eee478c56bdd993c48f9377c6a5efbdce01e96e72217f47252b2777fd1a9e56782b656488d4499d627d738001a19d4f932a0fe88befd51a70242f
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c5x:/7ZQpApUsKiX26/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4831) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationCore.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ppd.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Design.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.DataSetExtensions.dll.tmp	e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e06afecec357d53e204007ff0049edf0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
116KB

MD5
55f3efe156b4f4500f7056fed9c6248d

SHA1
8381f10e60e65e9838b30cedf0a0dcc8079dd70a

SHA256
5de19e07987af785746e3d447331f35338b2653fa9e1b33108118bbc63a5c7a1

SHA512
0508bbe472c721b77c2ade55677ef78e6e858cdd4ec7b98d96c0008d6506af12008800cf0bd10828d5178752ed04d3d456bdf848b52cbe719914ca5b3d8a6f95

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
215KB

MD5
bcbdd33e4d61b49cf6c769bb7502bf22

SHA1
2d91be16aa2b5ebc711cfdf1842c7c09f5ceb825

SHA256
0c2047f4ac3c3499b3a111527fc56df75eee9ea67cf8550a5d636891138a6eab

SHA512
b1c0f0ebe5bdfea958106aa1afa578ea14f8f4e19f4c35a6f65ff8f98e1e10790cdc10c9e12ceaad7a303e4d554deefc8fdb8bd3501ac31e870112b6d8ab8d8b

Download Submit
memory/3256-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads