c84271e63f89d0fc1f2a8231458f1b8dac6af750bf274abb7f7db3c0382e6f09

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
Size

135KB
MD5

24ce08bf7dc5b14b77090cf5151e96f0
SHA1

bc34dc9198cd8ae50ee57eed92cd99dfffa6c7b4
SHA256

c84271e63f89d0fc1f2a8231458f1b8dac6af750bf274abb7f7db3c0382e6f09
SHA512

e828aaca2c6d0d0df31b6cfdbbde51dd5170353dd00837d21b8d39801121d75e82e9525cd4d56eb2506154f0ac5e46091c71c7475ac2afd5fa97c14321307fbe
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOK:/7ZQpApUsKiXBvzwvzXJvlwJvltbW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4696) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMB.TTF.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_F_COL.HXK.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre8\lib\deployment.config.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ppd.xrm-ms.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\24ce08bf7dc5b14b77090cf5151e96f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
135KB

MD5
fa84398fcdd5152ae987a48479515393

SHA1
3aec343d716973229863d21c65092f4e81e7f050

SHA256
36e64c185f6a42d791d0fd1ad7c18f16e48fc8f260c91f42f318ec7c94a59cb7

SHA512
c2a9d5e746d6bba36969e46af151478299a0895141e3f5776b3f8cef0eec3d4682f03024dba80d304c28c716133ef45612bff5b251796ad2470497ea2496cb1b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
234KB

MD5
faca0beeb75eabf53ebea215fadfbfce

SHA1
cfae0c20092dbc7f31c73fdfddc4e5a54f8bf5bc

SHA256
f9a0eb71f4cd617a0d1be6b1b9adb737be05ad1c9d89940a681c71eb5dca842a

SHA512
09bc04384cc577afe8ed1af7eab6ceed448a35e33e7a9d76b36e2cb0340e93dbfbb975bf635264be82c582a917c4830f785ef8cf088a08c5073af77a0e501bca

Download Submit
memory/2680-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2680-1655-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads