1d107fe0c4ec8486f6a84bd65161521c18143ec67cd7fdf90a4b9563b9c6f8fa

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
Size

96KB
MD5

716510f7e37d4412cf57b2f062eca5d0
SHA1

425ea3908632c7e806aa2beaca1d74a21fdbbbeb
SHA256

1d107fe0c4ec8486f6a84bd65161521c18143ec67cd7fdf90a4b9563b9c6f8fa
SHA512

7818b15de5660637918e25fe49d5a22c6c05f4ee591f964b03dbe0523ef73e63125fd6c99d899e221f1c2721aad5e6aabcc6a101865785da9314ea5d9856604d
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEmPxP6:tFPxPke+eImPxP6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5107) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.NetFX35.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Input.Manipulations.resources.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.White.png.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ul-oob.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sqlpdw.xsl.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\716510f7e37d4412cf57b2f062eca5d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
96KB

MD5
592ed8a4f18c5641b6bd211bf23e7aa0

SHA1
132fbb830b7bb4eb4c1d93808469ec84b63d3ae7

SHA256
fd9e948bf9007c7403346c57fe0acd0cd22f0648baf626a0d2ff21183fdcc8a7

SHA512
f0b7afe113dffbd7a9e0a5875193f7a981375b069631c460ae493fe612f177a996fd11fa70e267457b1be882213fa224379202a390ea328a732fcc1d98af83c5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
36e94463b1be5ec97cc86ccacf881e43

SHA1
abf05d43b65e28d0494fb43850153a1974bde3df

SHA256
4b59059d5d5df184469116983ab510755e3084539c221f7964fa117e35b22778

SHA512
f0c416d74283f38def2a611e5ba05bc47b5fcfbdcf9ebfb2dd307fb32988db8357b1c370a032b0b819f2150f4c4f5028915e4844d09bb43a5186fd8d3f9ff51b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads