b01d9d9815384e06618cbe1d079a3a09092afc4b84c4f5ccdb32de3b2fffb0fc

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
Size

97KB
MD5

eaf200f10cf8aede175e0fe6e487e5c0
SHA1

b322926a0d9e7d8e279fb028a413e944830e69ac
SHA256

b01d9d9815384e06618cbe1d079a3a09092afc4b84c4f5ccdb32de3b2fffb0fc
SHA512

bed372fc527c2f29b6603052551e0a8dc7c4efaef23207da231c1b16f4aad039d48e100c61d9b94d1c1b55f4a597e3d98149806e301262fa547883019cd39453
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEbThyD:tFPxPke+eIZyD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-phn.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationCore.resources.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\ConfirmLock.vst.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\manifest.xml.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp	eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\eaf200f10cf8aede175e0fe6e487e5c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
98KB

MD5
809b5a846869528acfa6348ea18b2f14

SHA1
9062b16356a36063bd0c794fd7c4f78c551c51e9

SHA256
b6083909861a5dc508091c65d665dcd1d5bf34e12e528cc479dc7a8bdef80539

SHA512
265b8db266b731daf41189fb8a7308a85b28d05376b7ce0256ed28457f4967cb874817e279e0622bd86f619ea85f06ae57da40f235bcbb661a3ae75dc4e9a4c7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
196KB

MD5
24d7ce045382720301717ea9da93e879

SHA1
5120e217dc399a9b25d193ea04450dfaeac7f274

SHA256
fadfa7a551c64f89524079d2f0293ecd562604eaeab56da6b193d04ecc33d71e

SHA512
acdcb4b2371619af83674d48ffbdbeb88cb97e17915ef9424c4b19cfe514a6768192bd76352c2c1fd75c66ec18c2bc0a0924a4fa45eae7c7febcb9a93461ce03

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads