d207bf83401aa3b516f23403ab92fee5599ccbf89f1cbbfeb8456d19543fa3d5

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
Size

107KB
MD5

a992ece971dd0c678efc4352ab65fcf0
SHA1

33149322bc3ff9bee3f1cd4ad5b175e0c41ea519
SHA256

d207bf83401aa3b516f23403ab92fee5599ccbf89f1cbbfeb8456d19543fa3d5
SHA512

9388096a6da17d3abb3b12d11ad243ae5788772836f59d96739574cfb7273319ea42479fc006656ee3218d42f79136324deae53692a8a555838e98d68bcab9b1
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz8:RqlIyFESWu0SWuGSA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4650) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrgc.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\uk.pak.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a992ece971dd0c678efc4352ab65fcf0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
107KB

MD5
a5707eda94d8cd584fe3e2a8268987eb

SHA1
15887e43a77a70134eea7fcfa757bff2dfc46ef5

SHA256
77e142dd44d7e96b5073ca856390bebfa63fcf4688421f78d21447c0171c35a0

SHA512
0b461b8f8e4599572d5ec689daa4c2dc8bcfbdef0fe0e7620ae9b6c2063e3f27437fe8f40d317763c02da12d0ab7647b67a5fefdae6b13537380bf9afbbb9f5b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
206KB

MD5
edaa859fd27e1da9188ec6bf7c9594b6

SHA1
a9666cb4f273c347b7e2a49b917030c90eb4c2f1

SHA256
ccd4a10c698f1e10b800ba9d224f3c34251361bc0c9f12ab88ac3db6c80eee11

SHA512
3255e1a1133eb6d08f5fb83ccb4137457718f7b868a08776b8822cd2b4a4635949b55d15c3dbe66c9ec496febe1c413f6406f55469e7047f427540add2f1b083

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads