35c2e84c91a6974d835a3dbfa39a5877b0e5773e6e0893e40e0ec186a039cf9e

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
Size

268KB
MD5

defacf11530734af4ada2da80b72cf00
SHA1

77640974728e7500c6c4f4fab8481f38aa7cbb40
SHA256

35c2e84c91a6974d835a3dbfa39a5877b0e5773e6e0893e40e0ec186a039cf9e
SHA512

fe190fbf491b5dbe1ec9d8a55eb116f0a19bdbd5a3dab44dd82579b40575e7dc0aefc939d40a86603fab72735056b33345cc6184e6f19a2c7e3cafa39437da84
SSDEEP

6144:RqlIyFESWu0SWuGS4nNcbLnKjz47fiD+NZXoxSFM:tyKn+bLKjTDgZXon

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4369) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.IO.Packaging.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.MemoryMappedFiles.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\CompressWait.MTS.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRLEX.DLL.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART12.BDR.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\defacf11530734af4ada2da80b72cf00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
269KB

MD5
7bb46f03a4753aa11cd2a6f9482e3752

SHA1
39391b0194c5c8518392ed54a9ea0fe335b78c2a

SHA256
7562d38cc0a79baabdfdfc83e7a5db5c60e751aa627516394624dc00a7027ef7

SHA512
0e114b4527898c144b73eeb556f51a59833fad05630bcc40308b9950575fa9cfe059f8f29e643677d8dea818526c0bd08ec0ae6c88d5c3b0baaa1382c20dc502

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
367KB

MD5
1fb2adae2038c6949fba36ecb68db1e1

SHA1
a925fe5aaa55a52cb1cbccbfbd055b275341cc7e

SHA256
77884055cfcd7b215f0635440187b7986da59319aa94f7656b147b006afb9c21

SHA512
384dc125ab16b55b4fe50893d823ec25bd52f3cb5b658097c643ed8423e822c193a4a732ae12cce6309e6953ce5227754a44b4c179bf940f3e74791f958fc160

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads