fef8a21d083b2a01b0602db7f82c91dcabb15662fc04c1497830838ed06082d5

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 02:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
Size

96KB
MD5

473e183a08cb69145b7d2d9e0f148ae0
SHA1

ede40693188f4faaba9971d4ebbcdad99d9ff212
SHA256

fef8a21d083b2a01b0602db7f82c91dcabb15662fc04c1497830838ed06082d5
SHA512

3abe01f2d474f07364e83cbb2a3646781c742ee7042dfbd9ee70c62fc39015ea62a6319a95d1f17b7696d7cdb30982cea3e41c082cfcd221be7c1683070b1fde
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76n:6rWpcOPxPke+e3fFpsJOfFpsJbgES

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5028) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-pl.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHSRN.DAT.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.LEX.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ppd.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jvm.lib.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoev.exe.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp	473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\473e183a08cb69145b7d2d9e0f148ae0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
96KB

MD5
ce0a53ac43f9ffe6b7660c361164d3b0

SHA1
3195eb556ab434011e68e05e2106c9c3ac0541be

SHA256
ec881bb1b233d6b119ce2bc19f596a6e196d15df2d877f6a441bc26bf2529566

SHA512
9463ae86b440962c73218c43f06acf1ea98776df2a23e07b608e5531474913f852a18ec4fccade8153c2b159af3faa3e11cd4ff5871a15d24f44ef3618d3f290

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
196b13ae2a0a65a39ec765e40c43cb6e

SHA1
e46525c7f8889a7b1b7349b1315f0200831fbc0d

SHA256
6aa065c881b4ed9ef7f43a35ec1c0b4143533d7f74103fecd37f3cc431cc32c8

SHA512
5e1c8fdaf887e58079f320ba7ea5e1d6a8424601eedf126a34a21147dd757a56ba99694960ec292cb959dedff90ffa863bf66a7c38f54143ac167571fe2839f9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads