d7c5b569e3fd8e2a01d874595a5c03b06a6377aa966d36bf2128d6e66e8b0c17

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
Size

75KB
MD5

5c97e1267129e664a5ecd987dabd1270
SHA1

e7344ce10b89cb983f5420c51d931c11c2b3d9e3
SHA256

d7c5b569e3fd8e2a01d874595a5c03b06a6377aa966d36bf2128d6e66e8b0c17
SHA512

6000fa89307812c0978d9ad8585b441c3d8997570441fd0d787312d7d10b84e3e75fdef96316f6fee734c0ca2b2b1f6207a06578eeef38ce6fb022535766313f
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHE:W7ZDpApYbWjIlE77ufL2e+efZwZ2y

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5247) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.X509Certificates.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.tree.dat.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.boot.tree.dat.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONE.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_EN.LEX.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Design.resources.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TellMeRuntime.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VVIEWER.DLL.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSI.TTF.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
76KB

MD5
768abe688d8d0c492edf52ea46bc10b2

SHA1
c06a7ed084ea5800cc41bbc838a03d5c354f9b21

SHA256
67e8e4eabdb5e26e1050519e175c7964322f9e886a64c9125a322d1a030ba134

SHA512
2e5cf662db85c989689e381bfc284162c7168063fe036fc5d06ba3b46f9ca3886631f238cc52efaea739674691ade1de17ff2390e708d1b2d1a6db6efba7a686

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
175KB

MD5
ca3c3b6420284bb624d1e1363049aaab

SHA1
7f9ebd878521880eb8efcfa3d22f13a1bfd7148a

SHA256
8265010647b1223c27615bec69a9ae3da052cd2d539e0497ebe22b0274756e2e

SHA512
841064507c58cdf40cc7654fb4fbf53898fa9eeb2d4cee1fe3bc73b3bf83cef23d935ab1970be9c0bdf1d0022b854f7ca3f4d1cae6b1aed1df34e1e54ea2d7ef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads