be99549e1e34b7d092c22c90a47c0fad07d3df04d7ee62be1ae4de5bff77aa70

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
Size

82KB
MD5

2ee5d0356431df41474744ec2eae7420
SHA1

1b4f0285adb6378ee28dcba97a043dff434f5050
SHA256

be99549e1e34b7d092c22c90a47c0fad07d3df04d7ee62be1ae4de5bff77aa70
SHA512

1b7645e739eae325fc4acf15ffba6ab5ef8a9b408c78bd39d0ad5bded0cefdc7b2426ef82607b7d959f5560b33de02f5954e831ef8ee5cba6e93f183ab1a7b4a
SSDEEP

384:GBt7Br5xjL9AgA71FbhvoBlLLrvCGQXX9vCGQXXH:W7BlpppARFbhmvjC9vjCH

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5184) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\resources.jar.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\da.pak.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL103.XML.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_F_COL.HXK.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ppd.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityDataHandler.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-oob.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\d3dcompiler_47.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationClient.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2ee5d0356431df41474744ec2eae7420_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
82KB

MD5
6c809c8d935d4ab9d7232f706c81a110

SHA1
77413a6c4d7df82e28be554ea9b01d28f466655f

SHA256
4e6193176509ec3e71d58e11eab5a27c1f4e556357765cb8438c0c9acc1223a7

SHA512
20454a6a62ee52731b0ea4f4f1f1ea1369629c892b5295b3e79d7b47aa8140e148c902c1ae071059661e62d778fe26cafdbba213b4ceeb0c9ca27a2f3927d82f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
2632b3c06393e5066a1733f02853141a

SHA1
d6bdadfd07bd0047b2dca1dd612dac30ef157499

SHA256
3eaa962368500df69567d11705c5b6fce868001349145d1751cd3120b2722fad

SHA512
84668243ea2b3837403da0877c88342c4555258cb18a1db6b70b8eff8c329f509247689c3b47d4bb7eb1c6a67295d7bd7ed9c7fc1c761bfebb0fc3b81af1ad6e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads