2e38501a3f97fda29691e70fbef2cdc74ac7bfc857b3fd353dcf26aa8ad5e5c1

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 01:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
Size

66KB
MD5

4c46b75ce7de2504b689cd31ef5d42e0
SHA1

67b76c29d00b57e48456429af27bb1b7c7821f73
SHA256

2e38501a3f97fda29691e70fbef2cdc74ac7bfc857b3fd353dcf26aa8ad5e5c1
SHA512

ccbb8501bf517f878ff9e8a82def1e3dc07c7e953b39595a229a9506ea2c4a29d9afd08190e6fb7793cb068b0345bfe244f8755976ad580a596fba610d18c5cd
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGApuwulEj:69WpQEJAp3R

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5121) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONLNTCOMLIB.DLL.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\msipc.dll.mui.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\strings.resjson.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-pl.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\resources.pak.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.exe.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Tec.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TextConversionModule.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp	4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c46b75ce7de2504b689cd31ef5d42e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
66KB

MD5
b70d1570337f60be69cb8f12f0c91b55

SHA1
4be5fbbfcc43e8d71bd633ab0f2d7a9d24cbf7f8

SHA256
d5da0c143a75ba865c2d0d48c15d0d92bd056eeec7f742bbc4d194cb715aef93

SHA512
c10c838703c0a0d44683617438e3cdc2cfdfc96cd195ee71e85cdc8fc299042a85ef79ea869eb67625b111f04f79644fb9b76b8132b403b973c88358e0b8a8e9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
165KB

MD5
64914d9dc3480effc9086c0fa4e2ce92

SHA1
047a0e74ff984ea8833dd21a3d83116323e38688

SHA256
2531841b3eff48b18b7ffafae1c2a1edce7e31ce8149f16495ec67c16f6691df

SHA512
87fa81a1d88e2c76e2c29229a2fae1068bdb6ba4265b4b4d1f5ad459eac9c3364fbcb83487277b410ca20ef350c12047cf4099041d80ecd9935d3fc27f2f4a50

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads