21cee6ad9f6649746abb2a93507baf348dca80ab184f83e461e80c24d7ba328d

Analysis

max time kernel
149s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
Size

29KB
MD5

eaf29828e30926e47fc35b590f804050
SHA1

e82f4cdfc80dd31125d50f4fc260c7e3e7160c53
SHA256

21cee6ad9f6649746abb2a93507baf348dca80ab184f83e461e80c24d7ba328d
SHA512

a81307b6531b937feabd0b24d5bdd55b50fc36ece54f7a71653c086347825d65249db3def2b266b487f94d0b903d168eb2db78ef87eb95ed16eb6834b7a25ceb
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22vuN6GnN6G0JN:GBt7Br5xjL9AgA71FbhvuNBNqJN

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ul-oob.xrm-ms.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSF.DLL.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-100.png.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN096.XML.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.boot.tree.dat.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\vcruntime140_cor3.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmux.x-none.msi.16.x-none.boot.tree.dat.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.DLL.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp	eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
30KB

MD5
7599d4b733f3143ca783ec43781f1798

SHA1
e0e9c4f2101a79140198f2c362b218ebb047f640

SHA256
1228f3728c89062dd1fbcc3cbeb82dbe73fa12e38dface182199c40889d74612

SHA512
5f8e6ed81c3e7987f0484f4380fb1b58d71dd81bfe0234f3e005de5b9f39b21810f9babb2c23286cb65cc5d61babd15a805bc93cb78c368dd85186d944fc072e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
128KB

MD5
f4afe78b8ab0f5ba9b60ca4369831f54

SHA1
54919b1c3e51bb57cc419b9159543c45c4cf4139

SHA256
597f09a04d6f2ee34172286b1c018734be9765c24bc68b25337a7408ad591411

SHA512
004daf6e57b15a8dbf01a2b4ff4b6fd92d81921951506dd6f9692a0e7724ed4a8e55c0b0f027b79727edf204cae82e7596f69d2c6b34b37ea6e2aed43bc35839

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads