de8c5567aae24defe934b8df42558884958fc5de631efc3a2387a87e0b77ffaa

Analysis

max time kernel
150s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
Size

79KB
MD5

e89032cbc8d2ff5e70d98b1049edbe70
SHA1

3816bc2062003dbfb638004e12d35b71bf751e11
SHA256

de8c5567aae24defe934b8df42558884958fc5de631efc3a2387a87e0b77ffaa
SHA512

060903d18a6a7f4adbe38164451d1d1a8639de74f8fcd5c07b667fec99dcce2cc39494ab939150540369dcb51816949c890f141e92ccbeff3f085ceefd368ad2
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76NFk:6e7WpP9oVLQthbYY9oVLQthbUvF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5040) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-pl.xrm-ms.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-pl.xrm-ms.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxbgt.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\net.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e89032cbc8d2ff5e70d98b1049edbe70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
79KB

MD5
5ab5235aa5f7d269a9798da32e7b7c13

SHA1
24e7e1af8d120739928c5462018261515153bfdf

SHA256
1c94d5e7fb9b4749f9a90cdfbfac84e56f1b502a314c84f2290bb5341615b836

SHA512
be77936fe670b3ade8cb9814a37f39c57f4c9bfe76c2e292a3bee4c0aaaba75c85bfb698014ac11845cbe10ba3e36fad9f770f9dc514ca229dc8cb76b835d7a3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
178KB

MD5
2d22742d418c96dc692299c21512dfc5

SHA1
60a041eef1004db028cc3e712317c2dea7f6bc5c

SHA256
09a901f219c1d6696b06f0eff0ca1b1af3d996f637293ac43e488b122c1fc79b

SHA512
495710016633308213e16983839b2c9db822a06cafaeef931dc2b3b57254259a72569ca51e68b698ce3166d5afb855f26ecec0e403c0ffe6fc40c39acb3c15a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads