c77196535d4d19c11188407fb58ed8b191d661d6398f7b1ae0e3f1240261ddc9

Analysis

max time kernel
150s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
Size

84KB
MD5

9be94ff06e494ac675a050542c9396f0
SHA1

db1c305192979786bad209f84fd12748f417f4d1
SHA256

c77196535d4d19c11188407fb58ed8b191d661d6398f7b1ae0e3f1240261ddc9
SHA512

6ef13bf0a04a5e575e43b85cd2308a93648d7b97a377988a8126fa0e4b7489dad9b6ba8685813594875bedbd022f3919b7742e44a6934f0b816a4537354a452b
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKGfFpsJOfFpsJB1QgqeBgqeU:69WpQE0zhfFpsJOfFpsJwgqeBgqeU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5054) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ChakraCore.Debugger.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ul-oob.xrm-ms.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\da.pak.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote.cat.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WordInterProviderRanker.bin.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sw.pak.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\hostpolicy.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationProvider.resources.dll.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-ms.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp	9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9be94ff06e494ac675a050542c9396f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
85KB

MD5
8d8de6eea3187f009bd26689924acf08

SHA1
729de64d93b34a5060a3b72de73eaba8b5ec71fa

SHA256
45b1271dc8c123a8b128028947a3c77fdb91b58c1cbcd77bff251ba74d024807

SHA512
cb9a803b5523e67fb1094adcef8980c37c31ef7ac69e98f8f16e8f63323141198d228eddc2fc49af3a456053f26b227cbc083168c4d6999ee3186ff9a2990676

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
184KB

MD5
708c2926b81d3c1b99249cd30abc449e

SHA1
1c5e632fefbeb7c3437352e21ef15d248f00be69

SHA256
5e60c62781c4a3c305ccbc2abdfcd6d6845c9f96524258d8b904c93bf6ba94a0

SHA512
0bc64b187adbb5dcb9127b37b9858dcf2936095d0755ee432fd98d418b3a6c33387f4864d7e12daf459276c3628ca9424177985f056e42c024ef61126631568f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads