f7a58d6dec0a76cc607a1c43b1aa062aa41c079db565fd2fe583471cc50e492b

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 20:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
Size

69KB
MD5

64776ac767e34c1dc4c199bebbce1140
SHA1

7529a8002278a4948eb63c9845b232fa73b63ed0
SHA256

f7a58d6dec0a76cc607a1c43b1aa062aa41c079db565fd2fe583471cc50e492b
SHA512

b03baf46cd01d59aec592c4bc3ccb098de468ae47be38935186a947682426ef9ac6bae098c61d846dbbba61321a124a9f52582b98ff84d46d1ee680496977bf5
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGATSKzsMs8:69WpQEJATjJn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5039) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsBase.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\meta-index.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.stats.json.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-TW.pak.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WordCombinedFloatieModel.bin.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXmlLinq.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp	64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\64776ac767e34c1dc4c199bebbce1140_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
69KB

MD5
4d40c48e0b1cc42afa3637809c4e02bd

SHA1
20fade1770f036c187e098d6a5488fae46d4c4db

SHA256
1850ac45bf8bc4b515b585dbb72930aea7d9cce8160e4a01750fc6b0735fb53a

SHA512
fd6fcdd278f8ce3ac63f540c7612ea71dfdba9a1cef317da13bc1f1d4db8d852b64b68cec39e6de68cea0ca0b0a73256b7443ab6ecc5710deadf9246ae588e3b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
168KB

MD5
a0bf7471f92a3cb1f48b5365c9f14c48

SHA1
fb3d126016ccda2342d41061669e4bc6e1a53183

SHA256
6563fa8d2cd0b2ab62ea3c5c8186165f402aa6b83b7d59a6c5876d6214cc2f60

SHA512
b5dc1f564a02f3b393c83d7ac717e9931408053681be9eac7caf3c6dda74ac776e41317cbe540a831d2ecd153f84ded2354ab087871eb73679d057325b84e52b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads