718e01365199ee32b4fb939533381b9472db4bc546ccb0a911d6602412bcc606

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
Size

45KB
MD5

5f4870262845ce8fc9dc0322a6c22ce0
SHA1

d8aa651be699c7d98afb2952022e2bf7f4f581ef
SHA256

718e01365199ee32b4fb939533381b9472db4bc546ccb0a911d6602412bcc606
SHA512

f101f53c2e9a9d18c748640fa71820e92fa93da5aeb5b598bb5764bbc5c5ba20822cb22161c2541b6ff755703bebf016e70dfa9c8cf58239f7ce0299a4984f60
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ0vYN:W7ZNLpApCZrt8PWGoPWGBJ0CJ0Y

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5033) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONPPTAddin.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.Core.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.White.png.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_ES.LEX.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-PT.pak.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL.tmp	5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5f4870262845ce8fc9dc0322a6c22ce0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
45KB

MD5
81e5648277c8c21e9a81ca797482d677

SHA1
a50fc53fe9e2e24b24ec7b3674885c65d56a4fc4

SHA256
fc9eb586a8984e3c5fd7d6e6887bf4a94b7278699cdbb5cc8e48218456236e0b

SHA512
62c612bd109e8dc18311da8f72b15beb69dd3902ba3fb08b4fa809994c3787236fd1df2c2ce34431265c6980de0538ae83e2d0a66f97d8e356fa148126a0a524

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
144KB

MD5
277bfaac126672286af3170b2733b1e1

SHA1
a2ae690e784ee4ac990011121456e4d4b3fba005

SHA256
c381c1b66bff5397f5e44dfcdf9eea57c5460cd6aeb14c70dd7f81fec7f0148e

SHA512
1da7d6251a1b66b41d9bb594bdbc6e27ce02dace7bd0bda5f64888cf96b9f70a4c7a8975c6d210d0c982918c02b55b49fa57bc6a4cc7945bdc94dde99c49632b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads