a17a4cb2543b2cedd443b4c078c9bca252b1e0b1a765e9d4fee9479bb7ff7ff7

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
Size

74KB
MD5

25657b2875fc334ed1f0bd5301559100
SHA1

d6de8507378edea8f9e0805030a8a025c579d5ee
SHA256

a17a4cb2543b2cedd443b4c078c9bca252b1e0b1a765e9d4fee9479bb7ff7ff7
SHA512

0c97f273783624a6308d3d7a68b6f4040f664f4183a94b61693b75d1cf06d33ce8852ed50a91e71aec608491af2a5b983821f67183b2e53b3022142725a6653b
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJRxwMIMY:W7ZDpApYbWjIlE77ufL2e+e7xM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5114) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsFormsIntegration.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-ms.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-80.png.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\meta-index.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ChronologicalLetter.dotx.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SEQCHK10.DLL.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-oob.xrm-ms.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\25657b2875fc334ed1f0bd5301559100_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
74KB

MD5
396f260c3c6a92739216b71331344a7d

SHA1
f1d5cf0161b03a3d009afb461fd9ab8cef92d885

SHA256
c567e30c0c8aa2b11c8474450110105b64a92c7c9971a0312564135749744613

SHA512
6ae92a879ce4764b4d9f5098b9d8673a99513bedb2bd6f6b557eb0254af6944701196c0028c480c0da251e14598dd97d0eaf9427438c4b39a7b0df237fd676f1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
173KB

MD5
1617c55a3f22f7960ee360a28b4183bf

SHA1
3a01b03bf4c2f395625fc95abbde18e9f905b111

SHA256
3f8db6de20096b527e6d28660ad28e63d423f8c4194d39c175cce776918b5ef3

SHA512
5773450031745c5838b7e9e9338286e46fd6214aed30543eb946993db2d29e80ae4f3576a37dd4efce983ed6738f4776c32817215ca5416d9984febe6980164c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads