cd92dfde4955a24f35e8359f972e2401a0493988b4fe44fc35dbcc82800f0596

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
Size

76KB
MD5

e20d616b325d43abf6e538734cfd5b10
SHA1

ef0ac19d1bbff5f9f80db0ee57662c19f1635526
SHA256

cd92dfde4955a24f35e8359f972e2401a0493988b4fe44fc35dbcc82800f0596
SHA512

9942e4d0272599e9d58975bea9f83d3826c6a09e6c9b7f539c5cdee024855697e4a46e2719cb2e829addc2493c32415afcf1b6b8a4e7ab1cfacf8d33ca43de59
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/fcicG:6e7WpMaxeb0CYJ97lEYNR73e+eKZf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4855) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationTypes.resources.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ul-oob.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-180.png.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ppd.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Input.Manipulations.resources.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellLayoutModel.bin.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e20d616b325d43abf6e538734cfd5b10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
77KB

MD5
8a290b7ccad7e116af2a859dc5f1f7dd

SHA1
09dff4164bdc96073f460e07c45590c6976daab1

SHA256
2570e4045bde80c44803438f89285c9bf41c75759008fc2ff98bed91490ef543

SHA512
bf5741db090e6538326d030d8a2d351cd211e565a2c6f55690740cd768b71fa8a935a13be34d562dd8a7f04a76f1750b3475af623749577b985467b5d477cbd0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
175KB

MD5
8fa9e77efb8a28d53c665efc912f5300

SHA1
4e7d3d9fe4d49e7cb2af2398902d69ca92285b26

SHA256
6d179a39c49c0e0df4f0077905eb9a463fcef8f8eb119bc57ce5d6e4a884eda9

SHA512
00bfe76de348d25dae91fa654c31ce408b8e5d4918ca2a417f48e5c4e46847cd7bb24b9e8eb0a1ae28a94ff053b8bd385129e3c36c2366a7acea1c640c6ef431

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads