e7273d24f5b88d0cd74dce71f4e314a4be22bec85793e8b5a4494f6ed1b096ad

Analysis

max time kernel
149s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 06:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
Size

194KB
MD5

933db8867c3734114902f0777a16e6e0
SHA1

47fca0fd3040f1534ac09e0409677a7761689d0c
SHA256

e7273d24f5b88d0cd74dce71f4e314a4be22bec85793e8b5a4494f6ed1b096ad
SHA512

97ba0ab2fe427ed3bcb4ef8b51133b183fa546640db7e132be3fe9aed9ce843b5458b79f73ee409fb8c6329b60b9a915f8c27f3a76e35cbad009b9ddbabd55ec
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZeVPEGb+sYF8fhlypLj3VFNgz:RqKvb0CYJ973e+eKZeVPbbA8Oj3VFNgz

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4720) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.DataContractSerialization.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ppd.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Primitives.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bg.pak.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\mlib_image.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\933db8867c3734114902f0777a16e6e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
194KB

MD5
ba62141572411fe98281415bf1e56af1

SHA1
614633d6bd9df05add30d45a96982e84902d359a

SHA256
4c04706b110d3564e9334fa3c4235802bc2e68480b60ba74ad6a15a90fa96b2f

SHA512
1bcb4138d6cebc71d7ed36ee219a5a9d71a10de89bd85e2ceafc7a99c6bc82356b09dc9bedfa6ec49ce99dfac4b6b3c7259eca240f86135bfae664218338e6e5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
293KB

MD5
d3594bf60c80e734ae2395b0067b5073

SHA1
9f33bc2c77759026c15cbcc0649f73c953af07fb

SHA256
e11cfead672cbd32960025b8a8cf05da889269d55e33d516c62286a072ba7eab

SHA512
8151adfeb2356465b26d021c4ae4d17828423fd0a68582bc5140e720f237e7aaac7b7171f7e3b5bd252cdf1ca9ae266314d690a4b1a16f27263d561ebb038dfe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads