0be777a0977575f3e3466d3db6e8b7d713a49c772a94799e7da3bb3c1986fb24

Analysis

max time kernel
150s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
Size

93KB
MD5

002506a864256d557af65894ce3db9b0
SHA1

62d8411d8b2747f9b19ecd46636d07a331c7f42b
SHA256

0be777a0977575f3e3466d3db6e8b7d713a49c772a94799e7da3bb3c1986fb24
SHA512

d6bf8e9e38ec66308abac4d457bdac3e53e2b0fe106174a75cdb5a4c592862381bd5bad7bd5bff1a1967c7ebe08f4a8e2d6b14e563a34bf27056f3a3fe3ae4cf
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNoPyPL:6rWpcOPxPke+e3fFpsJOfFpsJbgE/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4736) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Calendars.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ppd.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QRYINT32.DLL.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ppd.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\002506a864256d557af65894ce3db9b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
93KB

MD5
087ef15ba495e541699acd837a18e2c3

SHA1
0ca200dbdc0cbfdf088bb46eeeb706a2c5f00611

SHA256
61a56a76c67da457889b400a42d742e7e9552cea157e642963afc4e52803490c

SHA512
73536ae033a12f0706c1d25a09a395f8565215302a9e86d9e5d86291f89e77c6e0de833b55de389117e88bd231e0b3d18a0fe07b813d7b118332c1271cd63087

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
192KB

MD5
f0bda29418eea2479bb5b66e40d4ad4a

SHA1
304ec872bce241dac7841bef089273f434909c35

SHA256
05435ba46e44811da6cd1a690a278f0929cec53d418ba04853f13c1cceaf8561

SHA512
f00cda4cc5a93f24affd4c50dd4511f5cbce78e90aac3e04411d2a5d98aa30e0014e8f53ca6e0e428f3ae55b44eede251a29012e464280324838c764cd762aed

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads