5b354a40ae3a2137f56b97eb774423b4a8e2bf2695efcf647a55416951158a01

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
Size

128KB
MD5

ea6327b2f0ad17e9745b737c528b0660
SHA1

663c1ddafa9eb3889314d74441f99c3cf2f6da22
SHA256

5b354a40ae3a2137f56b97eb774423b4a8e2bf2695efcf647a55416951158a01
SHA512

e70eb91531a10b566977fa98754ac63cfbae31759ab816bcf901607fc49fe769c2fd0862113b8ff9c7f3bfb88b70401fcbb652f472a49deee8e02f9a7c7a38db
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzu:RqlIyFESWu0SWuGSwxR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4716) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\APASixthEditionOfficeOnline.xsl.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsFormsIntegration.resources.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Timer.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp	ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ea6327b2f0ad17e9745b737c528b0660_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
128KB

MD5
04ce64b9569b7cedd2b08ef37f7ca9fd

SHA1
3ec07866d34d9f0aecb8e1782fd0b82770c8704f

SHA256
02905feaea0421e05e1df0d178defba2b34e17c9d0a1db53fd868431e62e083c

SHA512
c25ba558879916d86f3503ed2e1d4b39fd320e7f5bf470a6edf333f112dd92fe948a02aca8ce77257dc629461987820a45d93b63c2b1cd067cc96193adab6567

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
227KB

MD5
d3b493ef74121267bf08c416e6001317

SHA1
48cc8cf44a27cbb3e8ee469382515349a15aee9e

SHA256
e52a9135b6e6087d04ace4628d26dbda585adb8bdd77f54a8a3e692f25a53fb4

SHA512
b1c239a9140efd451531e0509cc795915572c046c6a47fc9cbd1018fdaa614d9f7b1b47f48eb15e95c110b09d782cc21018a7154b6bfbb5e570e5892132fef1f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads