78caa6c63f49e2a4de3ef02d6bab7462b072824647d1b4de2c843a0ee5b9cbe1

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
Size

83KB
MD5

625e5977f5f51b3bfbe3addfa5b74b70
SHA1

4dadd357937b14943b65e6a6f2c4657fe1fcc159
SHA256

78caa6c63f49e2a4de3ef02d6bab7462b072824647d1b4de2c843a0ee5b9cbe1
SHA512

9102a095cb5f2e94830d80b6d2e125ed3e9b277774f76e3d22693a0f565c9013594a0ef2b1302c556ccae2742eb68df5f5e79f4583427bd3c861bd419db7656a
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXac:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VX9

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5057) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Primitives.resources.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\concrt140.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrgc.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationCore.resources.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\msipc.dll.mui.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.LEX.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TextConversionModule.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN090.XML.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ppd.xrm-ms.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\625e5977f5f51b3bfbe3addfa5b74b70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
83KB

MD5
7ad4123a7193dc922f799f0769d8cecb

SHA1
7393ea0a10911d0cc7c0fa307706f196c0d759c8

SHA256
8ca1a1556dbe0502e4b78d0b07341ba403560a615a9d16886ad2c5cea6163999

SHA512
3201dae01f21ccd87e7187e47bb6feb01c3372e512b11044c91d07b0b69d6c44cfcd94504cd6218c3a3b65da0329f492f02b1e7535f6ccec35c03d33702d3ad6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
182KB

MD5
1349f7d6c44f216209ba685bd8ba9c1f

SHA1
9977e1d108a75e1ab2b884d5b57c7df9331283f9

SHA256
1b188553d49b58b3b91dc4b880e7a3a54f226c6ccda73e0961d5bb2fa41dcb9c

SHA512
21d251c80a65b27b962276b5d7d0bdda6fa7294777c48b25ca303dcfceca5465be80e28c58b6154b0f68f44eb838c15182236d85a74b3216041f7814cd5b115e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads