e8b67ddba0698310f5c9721712ee8360b2be13885f54ced67e551d15092b0698

Analysis

max time kernel
150s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
Size

63KB
MD5

036e08ec12c608e7249b4a54fa3366a0
SHA1

b876d0c61755a3a6b64d363c5f146b977682bbcb
SHA256

e8b67ddba0698310f5c9721712ee8360b2be13885f54ced67e551d15092b0698
SHA512

4e779d6c6eaf50dde97ba1121c5079368b9f0b3fc4278429a8b2b424b83e758de28241fdf28168d3f90f8190de464edf01408e0e0a677203ed91cd6a49ad7b83
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJ7:W7Z9pApQESOHepOHe8G+6E65TGApuwuo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4846) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ul-oob.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.tlb.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\036e08ec12c608e7249b4a54fa3366a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
64KB

MD5
aaabc71d8f08a274373e18200e1f749a

SHA1
8cc666866f37836219f1fa9ae7b6417555ae27a9

SHA256
b6e679451986da32b52f13d0e839f8501d62e8dc8f0c222cf05bdb010ca22115

SHA512
4a48f344825c711dd593db456a0fe7bbe7baed301aa8a9ae2363db56fb472138e1f494fb918ef277d1c8fdb9fb740f0c727d60ec30aa1e5d6e1d38f66e7c502f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
162KB

MD5
81af12559373ec309ae0dee6fe43b0e3

SHA1
499198bf8a39466551d21f150eeb232615c553a6

SHA256
0c1cd5b09538307817fa28b6226406d29a56498671b83cf8fcfd413afb7dce04

SHA512
dd5f1ac06abe4c038bdf8666a6dd4a0470c36256396d31e6ec1e205272c67cac44dc378ed884af618c33699b1afad79f8af3ad697960236563a52f40f62d0f6c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads