10f4cb501dfaa58296ed2d20c48dcf49b094323f86132f47935cdae1f5b535e4

Analysis

max time kernel
150s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2024, 23:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
Size

84KB
MD5

5e7561aa44a7c4b23c9f588c2ad4ca80
SHA1

f787f6147053b1d3f41fdf6b7299fa43795d8c87
SHA256

10f4cb501dfaa58296ed2d20c48dcf49b094323f86132f47935cdae1f5b535e4
SHA512

6558a4e595005a982ff65f7f4f5912319cd495bd382756ede4b13c9726291c480f29035189252f352ec09066378c6e7b03c9ba77af1ee157455c27f922140586
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaqMs1MsD/WGy0OufxPGSxPGJw5c5ZWfdJWfdpMs5Msz:W7ZDpApYbWjnWf05PG0PG26f0J0b

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4649) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\resources.jar.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Xaml.resources.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ppd.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\mlib_image.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationFramework.resources.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MANIFEST.XML.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CLVWINTL.DLL.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp	5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5e7561aa44a7c4b23c9f588c2ad4ca80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
84KB

MD5
d02041adf6f65c1a6b6446e06b0822f3

SHA1
45b85733d390fcae3a1f4ed6a54dd362a6c5208f

SHA256
024c2166199863f60e23541cd1e653d504aa70f63a3879f6ad4042f60e67b5ec

SHA512
4beba61c027e3b2950defc0943409ed680dacaabf7b4d855d56a97bf0950b77e66f74727c2629897f093e4bd0acf24656cfc2c370962674d34d69ebc81c84ef8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
183KB

MD5
406e8bfa60c8f0970e61f5bba19f84c3

SHA1
2ad032aefc332e98c48888591106eeaad099e448

SHA256
91704068ad21272ef31f9c33f461e9534dac06109eeab19d78cca3d394c2117f

SHA512
be10a027ed0f91e2fe49b9ffa000f5c1ca35064877e940288b12745cc33808ed6f3796d2000614b94cac78f0665a85e4b26ad59fc201c8704c922d0767957f7e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads