07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2

Analysis

max time kernel
150s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
Size

82KB
MD5

d33adae4e3a840139c09c8839ab09430
SHA1

cbb63fb5bcfb7382cf8c4eae6756d3b8ccb0698e
SHA256

07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2
SHA512

60aba1e0d07f275accf762063fb9b9c1def613dca3bc66d90f169e04e579231ba93cc56f2456ec2c5540af7a57d055ccf4094be5ee66e3b87aebe1df20a6f37a
SSDEEP

1536:/7ZQpApze+eO888888888888888888888888888888888888888888888888888r:9QWpze+eO8888888888888888888888U

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5121) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-oob.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BCSRuntimeRes.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.tree.dat.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationTypes.resources.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-phn.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\catalog.json.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sl.pak.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_FR.LEX.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable.png.tmp	07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\07ceb7a0ed338dd4803e362ef73b740552c69c0f6390b93062f39169d11acea2_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

Filesize
82KB

MD5
a9bc01a99b26a6ecdcbc527ddca8ff17

SHA1
8ad2e1db818dca0c0ddee6dedda2674d89d72151

SHA256
c5c83d7cfa1630f1bf37503537cccf39b863c55a6ab42824b47d6794e3c4b192

SHA512
add12f010aa50e25f3d74048848d1050f22e31dcba1478e2e9c8161103be7e065b03a9839947f8f181165158d4d027b60b368e00f0410d8c8e8a757f25b10f99

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
626403f934f82fb84c92dd61a2149e4c

SHA1
fe5db90e02d640b68ac5a7ec31cea49aeaec48c7

SHA256
cb5dd1a66225fe1d7a0755f111ef1b4047aa2f53e31ab60687ce1c1d8311af56

SHA512
f847be8dcc81250cc73c3d1345a6df6e48bb969eca3770876d5a8d0560a27d95ed2ca4f83f4ef00e772533ab0556a70d834e6c2d8633955cc8a60180548b05b3

Download Submit
memory/4188-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4188-1868-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads