559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 10:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
Size

65KB
MD5

96338223e1bf6b419e73ec3ed16b6280
SHA1

40cc1cac956d678ab09348e6c4adcd9e52db0753
SHA256

559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e
SHA512

289e32a89d9316625851c5b0efa133bcc43a2d834d3c5c513ac66a2d6aebd8488c3d6c325f0c157a20d90f8fa91716bf4cbafb31e87355b06a288008cb805497
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFWcDYcDlvcYNnVvcYNnnUS:W7ZNLpApCZuvIYYoYoN7n97np

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5201) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-BR.pak.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.DispatchProxy.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp	559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\559dadea49e61846a1201b29c0c1f3be9a6537a5473839c14a9764b9d7c81c4e_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
66KB

MD5
faf225c703e5a7b2c7fd51659d80af1e

SHA1
df5f7c2bbd929d977353409c0218686a8cb8b914

SHA256
e37d94c5b962f323f01a80e9a4582dac8d62f05059da826f7e8b1b11a9be58ad

SHA512
927ae0468578a36c57f5cd6738dfc763fc64b704a5848683eff85ab94ea317ec535af200c53968d0d0a82a0fd45191aa533aad6a69e6e35c0c71d1472d07fe77

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
165KB

MD5
6d16c75bc130781c1b123d932cb91fdc

SHA1
5a65289b1df90d49bc8599d4114e107c697a8a77

SHA256
84c84c4c3105f5b9cc5eab9071f0845ab229f36401ad51706167491051af7083

SHA512
78a1b555d726441b688a36f7dd35f88eb4b1750f5b8a5f7bbccbcba5c909f9072386202968cff30ffed41889ce746adde7300af19313637d5414bd80211e07f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads