1249a5fb906cb9fc29cea65ac5cb204d7333b7d014a520f835a62a91355815d7

Analysis

max time kernel
150s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
Size

105KB
MD5

32314ee9d1b4ae4a4722ee80ae700240
SHA1

3356cbc96e8525bd98780c1bfe2d35119a7cbd55
SHA256

1249a5fb906cb9fc29cea65ac5cb204d7333b7d014a520f835a62a91355815d7
SHA512

52b5f371f22c72ca12742359573590baaafe16daf3203a38168beb3fa1a195cb7d121fb2e3c658030a7ed72e31705a84a45951a3adb86e226b48e5918e7a3b7e
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEIixibGU:tFPxPke+eImGU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4835) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXmlLinq.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Input.Manipulations.resources.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationTypes.resources.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\ReachFramework.resources.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\32314ee9d1b4ae4a4722ee80ae700240_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
105KB

MD5
171a85bc60eae009d218692d7348ea0c

SHA1
c8f3a21c974ce19301fe031885dea8cbe1bfe206

SHA256
d96788e104a5f9e0f8d336b7abf8517cc96e0fcefadb22e3b5a11b9cf25e7844

SHA512
081895aad908f9ede5707a490681574ec60bb900c82abb4534d0edda2a2fb49260a84a437cee0c8050b0d379bf9d1f3b802b343a5e9f74b9a0c00b50d130e305

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
204KB

MD5
a32ceb8b1cd68048c29232081a0de672

SHA1
b3391bb2815046045c52497a955f53bcbd7a48ce

SHA256
e24f26297d241a512e05e2ea1b9c4c518f12a5271b1b4d12f061ebb1f233f22d

SHA512
f6cdde23aaf652f4582a982d4086d1e08b18c638fdc0662848d08a1aaa1ba9ba44172508725deb65c6ef64ac766a33a948d53a26b8b679030e99d34617b0cc46

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads