2863f8ede8fd8d21515cc2adb0209a5fee7620c5c62713617bae2764937aa4cb

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 06:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
Size

99KB
MD5

6720a04c13b893470d0fe5472b94a490
SHA1

730f6d04f33b0fab9becdc76e2ba2695f6474462
SHA256

2863f8ede8fd8d21515cc2adb0209a5fee7620c5c62713617bae2764937aa4cb
SHA512

a0e79a6e54f027869a2134aac832c1119789b0b4599af030b01657e9a713dcd861c911f12e7dede262d0c0255f1cb171bbdd4dfdb170d804060ce85af230de9d
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP8:6rWpcOPxPke+e3fFpsJOfFpsJbgE8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5005) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-pl.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SAEXT.DLL.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6720a04c13b893470d0fe5472b94a490_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

Filesize
99KB

MD5
52820401d92581db805385edf17d3c17

SHA1
4bbe764e374b45f22dac0d897b54c6f9ee97159e

SHA256
5c8f4541afc09ea27679a24385f89d5d75728705f138f3b2238b53c2a69a28fe

SHA512
f25a33a58c6245e593b7e8c95f8614c55aa22afb49a4a666d6de60c9f895482bca839abbce0018965325b623179384fdc401addb9130827c23b9ac96b5097d99

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
198KB

MD5
945877300f55bac4d7fbfc98934bd3bd

SHA1
32ba51e9adac79f623ae0798a1d61087bc192960

SHA256
ed0ba51e2183ce67d9b27b7ae78718feef9a46617c3d840ff99d6987e4c2c573

SHA512
2c8152ea941546d909f82e6caf95edd83dd12f2cc83b0789e3bdc72fd1bc5743c51333fdec1f790db7226d32f650607ab1394503da564ae2dc144a36df034c3b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads