15c688404ea796bc62be797f9f94763b5c45c38f501d7e609c4a026cb54e3c43

Analysis

max time kernel
150s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 17:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
Size

48KB
MD5

5c313c4eedac508ae2b4b3be5a99c660
SHA1

a682fe08084a075b974475120d7eaa27b299a8c5
SHA256

15c688404ea796bc62be797f9f94763b5c45c38f501d7e609c4a026cb54e3c43
SHA512

700e0dd26bf778ce34a5083ff3287e6716e51047b2652a886ef55ab0239ffef28dab037082f8190b96968d74d3b6c6097ba9a01d40dbf59fa724c1735a9abee1
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJc4rwJrwW:/7ZQpApze+eJfFpsJOfFpsJPwxwW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5206) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ppd.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BLANK.ONE.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.tree.dat.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.boot.tree.dat.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebClient.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONPPTAddin.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5c313c4eedac508ae2b4b3be5a99c660_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
48KB

MD5
7898ed1bc2a023e4623dfecd14416486

SHA1
cd1aad11aef94df6399accbb80b5972517b2a4bb

SHA256
87729517f234a0ef73a966dd1bb8dc5866f465d0d3b397b39a46785c904f40ce

SHA512
9cc6c500785f86affa942cd0a7429d989db43256aa04226dea68c99a01277f262e86ae73de0fb04ea600cf9ee946940336cec3b3fefff269672d45285bd28da8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
147KB

MD5
88324215cba2ca6c8f3e76ed745f6e51

SHA1
87573d2c2cc741ac04de042144e221769efa61cc

SHA256
66db85f3d44a5306dabe088254e4320165c06789aeea03ea039bc42137e2ab91

SHA512
b34a8bca51fab1db26f00136acb1d9f240eb233e8a9927e1e18f75a9cd41520ebf90c4c0e92ed4e5ae8d5b1878ec2a0904eb6f3f8a254d90d5ad2bff1c828356

Download Submit
memory/2476-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2476-1954-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads