00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f

Analysis

max time kernel
150s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 21:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
Size

53KB
MD5

9ef8263b64dbe60237c00c384352ef20
SHA1

039fd8732e5da359cfcb5ffc55d5aa034e17cfb4
SHA256

00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f
SHA512

0a1ab03e079717d4b8d45b062a9b67e5a6a0051b791311c79856c09b6a731bf9e413d62cebb6d29d1d2172d9fa8a7ccf59762772aa9e40effc8eee8bc36ff2c5
SSDEEP

768:W7BlpppARFbhbt7Y7zPhwyPhwdOwOfG2c4LczqNn:W7ZppApIayaz2pck

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5244) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-pl.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL020.XML.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sw.pak.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8EN.LEX.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VVIEWDWG.DLL.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.boot.tree.dat.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\REFSAN.TTF.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp	00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\00c5d15e162451734c5eafe907227cb0e7f9ced6b7075fa5133f07b2f1f2cb3f_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4384

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

330 B
5

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
54KB

MD5
108ed3d3f14b52fa7b029b966d51cd02

SHA1
85eb74d694827e4580c5dbc8bad962e3bcd7becf

SHA256
247d8d9ff2ee85fe17f92695d84ca92f17f9c0cf8fbecc718ebd099f21eba5c9

SHA512
4c7a7ffe2bdbbb797eb1bbd951cdafa454faf89adf5dd93abfb4f1a719ffd99cd5c05de61d21b61a23fdcd9db33f2ad7479fadbd9629019b1bc4188a34338f28

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
152KB

MD5
b4af62493e378249a513316178ddb92f

SHA1
5b01395829107b1d750f554e8baad841e611bf7b

SHA256
89e0acbe2c380dab0460c7248b67354504933cd2fcc452afba1454f7399ac63f

SHA512
45b51ec7760ca89e6c0f7caefa51950ec9507802e9a703465a8bd3fd2e9b21b920092a3b1a03529ef649901c201f08102aa57d4577a6e0fc5b6e786418d314ea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.