579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
Size

80KB
MD5

0ae3d95b5f1dc0e488cf6adca547c410
SHA1

232c2b01e817705621b4df9382d4c95da93fc8d2
SHA256

579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9
SHA512

8387e38235866a80dbfa1201fa615e56c2f63e4934e4a64bb1440906ff52d6b5ab4d27e81217ac59931c81c6a1d7edbbd100e577a05186cc7eff9422a2980f33
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhD:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.DataAnnotations.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul-oob.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.boot.tree.dat.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsBase.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp	579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\579d17b25baa29ee5f38d051951fb8291729b87d4c106d3a84c772da1c6191b9_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
80KB

MD5
0f86707789e238574485bace5b426913

SHA1
49c7f3ef565013032f9cd9e6bb6fbec83136baba

SHA256
fa2b568527ab94ea3a37b07909ea4ec0c449e9ab9a1c9c513551ca44a9a7766c

SHA512
c5095f234ecc523a8c52816ad512fa997b46639e999b63a8a01ff31a5eab0c93211cbe32db86da6f910c5eada4ed5addf55affc3320d475e63aef7ab6824fe41

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
84af221fcc0b5aed554e1e86287ddcf4

SHA1
1e08075832eb1ef690218daf658c658730eeed26

SHA256
d9d020553251462e8b0d8a0b300a780ea1c7be6c36aec4b9737db6568134196f

SHA512
c7b9826c247ae2591c9f7e5c4e23ce281773d5e173a69157d116f40d488b28f8e99fc7ff963848f6b2f2569bfd9e747e9d0cd9666523ddc94a87c765b3421cd8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads