29b11fb2f8ff8206e1d47c76bdc0852f3031689a07bca5c9dcce439f73eaed8c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
Size

77KB
MD5

e4c928c662efc5f15fa0f73ff85a8090
SHA1

88a2133dbea6591ef67d54ad7bf7b05a9a51f97a
SHA256

29b11fb2f8ff8206e1d47c76bdc0852f3031689a07bca5c9dcce439f73eaed8c
SHA512

71baf866493b97cbea7a86589cd042a8e1ad238e16148e5e1404d881a270125bdf2b75c5044c39e9436293b6c7f50da13ee5128efbd494c80ffd6d1ef76df802
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/M:6e7WpMaxeb0CYJ97lEYNR73e+eKZM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5038) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\msipc.dll.mui.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\msipc.dll.mui.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationFramework.resources.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClientSideProviders.resources.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\CardViewIcon.png.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri Light-Constantia.xml.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CLVWINTL.DLL.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.PerformanceCounter.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e4c928c662efc5f15fa0f73ff85a8090_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
77KB

MD5
1987f0d540e71f958daa43b54ddf274d

SHA1
b1a50e3dc0c2d01adbcbd8b8a71f2b2fcea1b8ea

SHA256
464eaec4f90288b8465b1b52b667ac428761174c914afa56944c7dbe2f401886

SHA512
71e0b88fc8c001a01c4a8318ad7a012df1f824fb395475c166314884bf8f2c3695f6b811782be549d72b4d2a1b26b05fb23f51bd6aebab08337aa3cdb7fd46bf

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
176KB

MD5
d198ddb90df8cb8ee3686fa786095a1e

SHA1
3efc4e7ee4d23e09ec69e73ffa906106c31d198b

SHA256
bae37f1ed252ee030b461038c5e662827df90b5c8d0f3939e4a9de1fff8b906e

SHA512
7c640830780209fa6173d895e8b8ee0b420c295b4050ca1b43230ab180ec30f58d820223d30c94bf0b6e29c86e4d749b61bd966e4c547e345ea0fe8567baba7b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads