33808fbb0f03ef1ddbde4fbc63e6661e54ce88ba5989e31f408aedb2f1cad98e

Analysis

max time kernel
150s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
Size

70KB
MD5

6a3ac7fc4a4fce8db1871e3b9ea23ae0
SHA1

9b614f2ecaf5db03e82a0688742df16cd80c1c26
SHA256

33808fbb0f03ef1ddbde4fbc63e6661e54ce88ba5989e31f408aedb2f1cad98e
SHA512

9d53c7375b8295d8bd6a909decc0915f6d9461d0e47ae640763f1de980d394bed8ff7c0deba46f6991112b16895af2395b0c42165e9d679cc9c378df7516641c
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJX66Fl3Cv:W7ZDpApYbWjIlE77ufL2e+e16al3Cv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LEELAWDB.TTF.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.SETLANG.16.1033.hxn.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClient.resources.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-pl.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Primitives.resources.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_wer.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_upe_sdk.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN048.XML.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-ms.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp	6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a3ac7fc4a4fce8db1871e3b9ea23ae0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
70KB

MD5
8b04330324c48da313b5dfacdabbf433

SHA1
d2e69b9d2c92795faed316371a07fd0df7b36701

SHA256
9a9205526029aa39688a21d23b4a9e7cf7e339252697593e2bd39d58bfcdd1a9

SHA512
957d6a0618e81894e90ed04b70d89570645c13d65e91ea4d5c90ed94a94ff25cfd94130734ee5e74f62ad0c96749b946cbf28163f10b9ef30f731a0d639e1cc1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
169KB

MD5
df41475ef8a249591351c0b0b7d15832

SHA1
fbba09f6171283cd3a93ce39446255ec80d03253

SHA256
5cf973236088ee6c530110dd10c10b3f4f22e552be72fc0cc8e3aab5dbc3008e

SHA512
b24898307616b91567ec209689d7d9cb9d11884ed4a2bd926ef2ca439a2714ba32d2133ebb6bf0bcc438c9b12fc046fdb80e09f03101ecb6fa78ef731a8cbf40

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads