115d791570ab009445bc65bcc0192f3f8fdc3dd65956421b771bf0159ac33d69

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
Size

120KB
MD5

3484c6bca400e0cb75faff45c548a370
SHA1

2dc716c93df7ec5c38b320754be2f1f42440947a
SHA256

115d791570ab009445bc65bcc0192f3f8fdc3dd65956421b771bf0159ac33d69
SHA512

70d5ec8ced982d9f7176838c87497562780b6317ca806c3f2091600ccfce1ba06d3ad4d2e20201f64cca90d77b8d01958bb075fba6bc8c339073c01801230ea4
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzp:RqlIyFESWu0SWuGSwxO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4679) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\instrument.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\el.pak.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-phn.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoDev.png.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.PowerBI.AdomdClient.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\msipc.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp	3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3484c6bca400e0cb75faff45c548a370_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
120KB

MD5
995dd7108aba79ac35873d5453ab5afd

SHA1
34f970aca1f38d32bde005f04e8567f052471e9d

SHA256
935f2b5632ef173b83f52b5dfde1be137da83b4798b812dce28c3fd9af6d123c

SHA512
b9a7e243f8c325a70c0cbe44292d952ac3ba565033d200cf4b1b684af85f520d8a8a670c0da81a2082f403f63869157fc1b6c7057160cb4841f41fa969d86c7f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
219KB

MD5
386000ccccbb0532da583b7b1b8c72cb

SHA1
143a6d51281f4b137d19fcdd6cdef08615948f4b

SHA256
59142ee83ba6a5826b6a950fcf8959de50c95eff9f344653703593e29d54b4e0

SHA512
7b37480417b6cac5e7b040abc2c3569ec0ec54a4d305907bc910490464ae29b12d40a1850997b7518635d90c7f3fc4c04af4803372b2fe0beba917e3cb92660e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads