20471d7854d7a030f6940613fab3ab4d8b9fd000ea9ab74607648cda0cfd6305

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
Size

116KB
MD5

000cbe76f622d5ce303110091b909640
SHA1

7d5cf1f358638e730880dd03a233b6ff52e0c956
SHA256

20471d7854d7a030f6940613fab3ab4d8b9fd000ea9ab74607648cda0cfd6305
SHA512

d7fffa0db3cd1605ccd1aec205818408b8303b4bd31ec244282f55a0496e70f876a64c86228489de3f4998da318bac0480b85411c8a1f8cffddfeb5d72b50bd5
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEIixihyKoIWbsHfySkT5GeCyi348oWGRPOzkE:tFPxPke+eIu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4853) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\plugin.jar.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-oob.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Input.Manipulations.resources.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\ConvertExport.csv.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ppd.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ppd.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.tmp	000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\000cbe76f622d5ce303110091b909640_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
117KB

MD5
8e98f2179a7a121b0f56d899786ede1e

SHA1
00f0b5a8b67531547daf9a75bae6b4a9ed600318

SHA256
f0317c0cfe56d78d7eb60b29b2c076fff31565a2a358812f096a7671b02586c1

SHA512
f2af5008693ed30afaf1506c794d3a94018394995c5fa468c8d40e7b1cecb0e67ecc6ba41342f02f16186d6c60f4b4a2a21d894b939c4722f009fd45c998f345

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
216KB

MD5
08de241442701ad11e193311daeea793

SHA1
232bfce68deb933c14b677e70b646a72d32f6873

SHA256
b67be132ae9d249d9d56e588d74da7947414e86646d81ded030937d4d317ee63

SHA512
397fc12150c3e42da61bf97c77016df265bafd82831afca916247483927273b1e6b08578bbdedfb11e013e38ba34c51ec3cd8950f39768322cc6caf5c554b058

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads