ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 13:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
Size

51KB
MD5

e4a9155598fd0e19572046d8e478ca30
SHA1

afc02407abf3e07ed6b2d174c5d220166956e458
SHA256

ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3
SHA512

123af540a755fdc51aed4b1f4052e40c1356bf7655492928e678e40ae8b89f7800b8b03089d9c9e3dfaf994843256a79a4b18970c8db73dad030b3e6abe9a3a8
SSDEEP

768:/7BlpQpARFbhtF1XxXEhk81fFpsJcFfFpsJcY:/7ZQpAp9XxXEhHfFpsJOfFpsJF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4833) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_elf.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tools.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ad7774551c4c84de50075c699358df7b9df6a431918db850ca94212fef3a86c3_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

Filesize
51KB

MD5
db20c6de8cc83d1c46e018545df8b793

SHA1
e74de342a13226ada1324842ae45cf19fdd1ae32

SHA256
4cebd6e05d786ba0aea03d8901ae7cfea7e8148890d884cea1bd83b39703323c

SHA512
c06529bb622000aa2ab6334f869452e4e6fbbbee7ea71517b842158cc8ded735e8b6346113f77d411d73be33f0ddf5350c1acd63a3249f225d8e36dc8e44e258

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
150KB

MD5
0a33eedcb245d728c2e46dbbe1fd6209

SHA1
8a8fbf7a833784a85a981ccabadeb85bac50cd96

SHA256
32b94514f242dba19c59447d538cab8809eb66b5a4f3687828dc713168a8d397

SHA512
aaebb63c740dd9476e0231d89e3e9ce250840b17b004dfe8a4cab20519a05c1d4d8d7ac0409f127249ed75835e88163a19473150e7cce1478b8aa723ef275c4d

Download Submit
memory/4680-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4680-1784-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads