d4f969e3288206d1535d4038b429822873eaf18865c7a2ff31c5b17dd05254dc

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
Size

76KB
MD5

1b0b95804cfb88e12cab56891a36f890
SHA1

eefb8a72bf06211ac1728c1a3ef01d8e87652935
SHA256

d4f969e3288206d1535d4038b429822873eaf18865c7a2ff31c5b17dd05254dc
SHA512

6668f89e6f61e6f8f5cec07ea06e372c9e170e590a728eba932a25c08d5b84cc1d2849d0cf5db47cbf683cfcfa47fcefa22d093a9b9d997b33e94d3873df99b2
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303aq5qE:6e7WpP9oVLQthbYY9oVLQthbUrt7t2rU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5192) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\he.pak.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ppd.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PEOPLEDATAHANDLER.DLL.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONPPTAddin.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-pl.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000006\FA000000006.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b0b95804cfb88e12cab56891a36f890_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
77KB

MD5
8113fb371e173e5c3f8384b02c5257bc

SHA1
c42ba426a00dd0d056f6368267d85fe4c7be13d1

SHA256
b925818710e2215b731f4d0053b65fe27d09aa2754920b71b1bad963063d9645

SHA512
70e752954f7248560225a3be7013b7349851e9c57fbe44af5493a5b1b1805aa03d05fc2f52b821ad9a03c25ee46bd3109903e78f524156d5051cbef731574cf2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
175KB

MD5
86c349ba85efdbb0c46a826891582d4d

SHA1
dc263b1757f4a81d2ecb0f63d50a3ce0284a4939

SHA256
140721d3b51a1f052c7787ee8a61aa77ac676f8e3e076c2a00a9b778f00089fc

SHA512
31a2e5e8ee7ce48e162ef44b3931889102e5be8d9486eca692295333fb833d02b50a9c9365f9d9199e112d61c4d72715b212913009f4d92bc256cde3f89efdaa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads