2d863ecb990f695a3ab377418a676a23872e1274c2e11e0eb64f0686ce2d5a18

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
Size

81KB
MD5

17a0ae72c11b4e4e1677b6a5030d7590
SHA1

68e09c77776d5dcf0e464d10f473d4d583a1e2e2
SHA256

2d863ecb990f695a3ab377418a676a23872e1274c2e11e0eb64f0686ce2d5a18
SHA512

4dc1c584b7d226a4168871ddbc21cf5400df0e88be5cc8873ee4c4ce2c11968e8833b2024d740b5f9d9e5fc78e2fd24bdf8caaff40c9a9e0fa6dacce31de1dd4
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+e16al4StuStz:6DWpwE7oL2e+e/l4+u+z

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4859) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\dt.jar.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp	17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\17a0ae72c11b4e4e1677b6a5030d7590_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
81KB

MD5
92a5c31ec8e7b2e8d3367f00b4ee4b41

SHA1
cdcbf38366d92f2d186c561c553a54bc68b4f2fe

SHA256
5d87463213eca1fda0a211a6493ddc8c9d8bd35a143cb07a2d2d42fc1fc7d288

SHA512
f44e39ba10d6f5380061b786f3840f378bc27fc98f0a9ee4dd1490eeb367cf348a8c76f76b97f7f8c28b0ec7b5cd7a37d636d1c57d20aba3d418f7dff7456568

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
8c96ac8ccc847698d2b83b395a26f5fc

SHA1
2a56bd19dd3790cb7183f1569ffeaab56cf4ca18

SHA256
7689226394c4fb5d299d372f59238a2c9df3f1efd6429bcc5860b12aba644708

SHA512
b63213ac4cda9439cf711b0ffe4da761000a5086802d3a63a217094c968e7fa329d2d74b5f5ee7801f4f4102fb59f5989783f3daa7cbc753828ff7f29aa6aca4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads