5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
Size

87KB
MD5

32410c9a95d41d48bd7bcaa0d9b1b210
SHA1

34d6a0ccd730ba12977dc671d60807663e572854
SHA256

5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9
SHA512

ccff8ad5a3ea1335e5120236847057da0fb406c4e45996130cbab65151e5e8721f6cf81873129463454725ec31b56a1d493a757208c9e46787bc8250d88568d3
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhi:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4865) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\external_extensions.json.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationUI.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationProvider.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-pl.xrm-ms.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp	5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ab9d0c60f4a8981c602b4dbb199a8f68a743bbbde207afd18d4064262a32ab9_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

Filesize
87KB

MD5
fb3b8c7557334234de6d4ac82abc86af

SHA1
f2d572179822df736964936fedca561b1d1d12fa

SHA256
a928ce4a61443717d5308e74a40634e4a2ce13f9f9e0d1de54ea7c4c78dd47cf

SHA512
bfdcfde906c43794f09c9b9538ac307746784c4a58baab4fce3e072a00ae21701ef08eebd820c498b7f1fc399032e3e4e572b994cde559368d3edf9aab9529c8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
186KB

MD5
0f43f99a50c78dd6461796f94fffb5a1

SHA1
0ac2201517edcbdfb0b52e6e76a39d2da1b089fa

SHA256
48c9a43fb678af7c4096384dbe287e00fba47b392e4c6688f938dbf78ab6a669

SHA512
ae7292d56a5a3be23aae93175e13b0247c4bf0ddcb732c625826894a35bb857d319cfdbb3ac32d7fb9fc7c86ea96f73cc5848634497544016c4761a15c87c1a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads