f34cfdd559b9e70bb0aad506d24e441a40c0f1be2cbca855c228860765761c1f

Analysis

max time kernel
149s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 05:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
Size

80KB
MD5

8d60e0da055dbe4cb08afb92a9503220
SHA1

fc1b843c22afd00312a58d2b2f3a6735e77e5b93
SHA256

f34cfdd559b9e70bb0aad506d24e441a40c0f1be2cbca855c228860765761c1f
SHA512

56e2c7609466093b588718dbb4d1c62bf2d9f7bf83934a25124f6f93e157edde98eecd2841b088fda152fbad03a33feb3dbfd81a6ca33b9a0939b9998fdbf133
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/EQg:6e7WpMaxeb0CYJ97lEYNR73e+eKZs

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5024) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Primitives.resources.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sv.pak.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Design.resources.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\vi\msipc.dll.mui.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Primitives.resources.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\catalog.json.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordbi.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp	8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8d60e0da055dbe4cb08afb92a9503220_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
80KB

MD5
8c0145559845a1cf27ddb1b9486ccd1e

SHA1
c627f1b9a0dc5ee68a0022a76dc7fdbb0e817b39

SHA256
41866d36a3450002c735536470f16d7e468963cd0246fcea19697e61b23b8e0d

SHA512
80b4b8cc8e305509488c59fe7a507f62fbeee1b4be09f623c07fa22c5c4ee6b1628d020ad5ab862fe63e10ca607e83b14584b247f0391b255a3e9a42becf4d0b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
9eabf5e5c39d526319306ea50fc3f0bc

SHA1
0db1d5f52280dde21ac1946fee423841bb8161af

SHA256
8ccf5057c8c70424811a374296d88be10390dc4feecc547d9551ba4ab6a4fd89

SHA512
5aa1d6fc6c2f6bc37d82e38da369c2db59b585d4a3cd7aae0ae3aee3fea9bff9f0adccd93dc3b8b05911fb85b361e9da3267a73fe906b0554d166df314fef9dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads