5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
Size

36KB
MD5

3c27f1487913f9c56ea60104c75c9800
SHA1

cc311950076531fd81427b5b742b2d523263b5da
SHA256

5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5
SHA512

9cea51dc9eda973f2b251648867ca7ce5fae7765663378b0ca41fad9a68d9fa9623cd5ea710989158a2b120eb85ead4d6a443fa3a07d14d26d3c3e6d65dc257b
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrq91c+1:W7BlpppARFbhknrAc+1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5362) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\orcl7.xsl.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\SLINTL.DLL.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.White.png.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationTypes.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ul-oob.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-oob.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ppd.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\WindowsBase.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5de96bbb206a0239565f4d9035a0a7efee9d5f122e026f46086a2a4b82537fb5_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
36KB

MD5
55afab4794bf113bbff01090e89e666d

SHA1
d0a95ff595b49474ab05bb17430051792e07040b

SHA256
6fad59c961786d37fe5b8cdcafae62466648d4b5f4f5db6d28be0cca41609385

SHA512
f95f0408d4e456db763a1169dfb280743c2a012842678d03fe593bca36d476c86bfa8b1cdf20c5898b5a669b487636caa78a003c1ab7a8a79e376cd5b082fd15

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
135KB

MD5
c3d6671a4277388d1f284a6e9bd9f76a

SHA1
5b1b70ba745181e58f4d407191c2907710b57fa7

SHA256
4e6c1d754285787b2829a9d3c5560f8502f56c060175a3bcfda92d9eaa280a8b

SHA512
31ff221feb0c61c9cb93d49e81511d6de2760192c1c1949a74bc862c72fcba0030fec61e02448cb0cbfe9b43a004939bb721dc623953b6a10b03e57fc45e0572

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads