f0d3e8a9f6828276d5bb47d37ad79e159c9aef284d7b23dc7d6c44089ddd3749

Analysis

max time kernel
150s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 18:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
Size

66KB
MD5

b59147eb51af80ce6661c00f77a1dd80
SHA1

c0d3958f63ef7a4820b44f9ddfa237857e4af267
SHA256

f0d3e8a9f6828276d5bb47d37ad79e159c9aef284d7b23dc7d6c44089ddd3749
SHA512

8cb2d7bb6e6c604436aa6bc7f03cf14042f769b65ec56151974158297c2c34c0fe770beb10a71b69b9e1fcb97d5d34a68bfa5fb845989864491aa90f494d76cb
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRen:W7ZDpApYbWj2WTWJe+e/qu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PEOPLEDATAHANDLER.DLL.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICB.TTF.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BKANT.TTF.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ReachFramework.resources.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\ExportFind.nfo.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\vcruntime140_cor3.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-BR.pak.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp	b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b59147eb51af80ce6661c00f77a1dd80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
67KB

MD5
ab609e2bffe17e414db347ad4e9cf8ef

SHA1
be1d2890868b22b443e93181003d069d4addb7b6

SHA256
45812c320c09fee7ca4ef7a4aa84ae1cf3e89b23517b045052b82c69e4c18bfb

SHA512
4f19372ea42786b0a77c3210d91f93e722ab83776be3c000df1979a2c93befe4e7692f1daf019a4f0827e5309cd66c7a4d03aa98b2d02fe70b58c543bb745844

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
165KB

MD5
78bb860bac888741659ea3004800b29b

SHA1
cefe209a335e56f54f6717c04647c81e5424aaf5

SHA256
269290d606fed6166c861dcb8a76e9c2b270701343dbebcd3536a0819d07c6cb

SHA512
5ab97159f0009415015393e6905905780faf5c8e9b8a8b8e3240906f5ddd046f0a61c98dd1140dee1034bb4b42fd09935980171a4a13a00afebd1dff22164e5a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads