ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
Size

98KB
MD5

417c81cd9cdc0317148f17fec2bd9410
SHA1

55e772b176654f63cecfb5695d0fd3a8d6d7d6e6
SHA256

ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10
SHA512

53499beb119ae6f6daec34d7bbeaff8893e92f2cfc0e138fea59b9616df58d97e01948cefc8a4a58ef51c8c4d69bcf860bb74b00d61e783a260627d3d19155cc
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBK:PqFF2Ie+effy0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4682) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\cacerts.pem.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ppd.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\ReachFramework.resources.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationFramework.resources.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.resources.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ab5505ddce38822fc7059603db4373f07d675c357fc21b9a9b09ddb15eeb6d10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

Filesize
98KB

MD5
2b26906ee068b2bccb5d96d6347e4f83

SHA1
7dad53bb03b2613ef56a823c05a17dcf835dfd06

SHA256
818b3e24cbf8496cceb4db2fd2fabe72083ae8dd8396128219c1c0f470e65bff

SHA512
14a9fb994a597445e0ad6a457859bc4e887b5f58e22aee22ea94be0c1e2ac78dd6f249b9e7c170680e9f9bc66e961a623ead5859a02b6afeebd1f0a3ece9c2d0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
197KB

MD5
3837cd3317f8f7a5302ee371b422f740

SHA1
3107297218ab079987e0f566bee86c064434d0ca

SHA256
7b9aad7b639b635be4c1d2f394293c589176407a6865c0c9d0705b9a6058b869

SHA512
0ac57ac9657e31ca646ee6ac1d4b74b15df2d3c15731fd6be5db0446532ea605f83c5600bbc87a215b29109a80107ffa54ca4de41f483345b3da98469f696ea6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads