daa984f0b853f348735a675699197737aee9b68f271aaba6f26ec604cf4478b8

Analysis

max time kernel
150s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
Size

72KB
MD5

ec9afefb21fa001a092fc511969bd2f0
SHA1

7ddbb31098b017419da5741fae3ad997b6bb1b67
SHA256

daa984f0b853f348735a675699197737aee9b68f271aaba6f26ec604cf4478b8
SHA512

d4db22d0cb2c2043145b0d0687a165488603663f3b4441a71acc3c68e81ea3e3b8e0773010695b20e4ae2a1302fbb229ff292d035715bcfe7cbe99ec8f80f6ab
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuNwewpY9F9N/:W7ZDpApYbWjIlE77uNwewq9x

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5097) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\msipc.dll.mui.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClientSideProviders.resources.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.tree.dat.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jawt.h.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sw.pak.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONWordAddin.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ec9afefb21fa001a092fc511969bd2f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
72KB

MD5
2cb02ef012552ae664472444e6b0d2ba

SHA1
0009e529518f7eaddd8182f52edf498ad9dd7d83

SHA256
80aecd18ca3f8e912f0ccf6463fe0357b85247c970e2caea0ba95e94613f4465

SHA512
09dfff9412ad918adb717e5be006fdcce742a48eddb8c1ed20c8e3391bfb104f806a8dcd93947f5bcf1f220af6ae4e19caf50248282f32e085e611031644bdcf

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
95d1097c97bb485bf4603a9876bc064f

SHA1
ebe8d537bc2ac891dc731d162832026bc1c8aad2

SHA256
cd6793f838715be32757e8f3a4ea442b9cb5f384f2caf61c7055a640d39310fe

SHA512
0aea4f01fe76bffc2b75123a2d8b3c8f2a1353f034b67b580d66f1077ce3e90447070277907ff42621b837447b271a491a4bcd9ebe033da81072c46ba135f955

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads