5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
Size

94KB
MD5

f37d0966b2cd54540b19565f86aba2e0
SHA1

4b8f1b871cae7ed7eb3f9c504993762f96c59609
SHA256

5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255
SHA512

f84e2a8727911cd68431f215d03f8b272c4717f3f5da290c94a4fe4baa6f503aff96fe81a784c808512e7352b3aa035b85ecb8bd253f48249d7d7eb75630aadd
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/OfxRfxHAu39Au3Ww2wb:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf77

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5192) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\C2R64.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenote.x-none.msi.16.x-none.boot.tree.dat.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.OpenSsl.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICBI.TTF.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-heap-l1-1-0.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationProvider.resources.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690Nmerical.XSL.tmp	5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5f673128dd68e90b93ea351573f8cd67d2619e29535c8dd1759ab62a891b9255_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
95KB

MD5
6faf3d6077d436cc760ffbffd9d2c359

SHA1
e6759c0856146586d8c4c398377aaafa3bc97954

SHA256
46d2dba9b5b707300a82ae4f8a02148ea0c0b106c7c883ea8fd60441f5247fe0

SHA512
5ef65c8fd08d3caf8a343703b68b29be633d827cbb7c3c925b6231d5f3b0bd0a75edc3b1c664c1b2703fa50a1de5c9d2680127ce0b37d3df43c88d26b771c5e4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
193KB

MD5
dd476b49efe721a58686f5b14002b5c9

SHA1
79d89d5d03d496a5be88256cebdb015167296129

SHA256
45b7690865aff8d64214a82ea44067bd828311d16213684c427c6e329d0f1bd7

SHA512
70abef40c854daf8ba877d514ce6eae1a5ff2f2d6ef90def7fe9bc6ba738535432150e754c07aa4600c48ac4eb8fae9f51422274590cf5886ed7855fb614e9a7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads