931c45c4eefb8317a1903b3462e538d30f43ce12d946a0a7618630750dd49d15

Analysis

max time kernel
150s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
Size

117KB
MD5

62e6f8514822773ec4b195f9571284e0
SHA1

54d70bd56b4dd120ccfded48ff229acca73612f0
SHA256

931c45c4eefb8317a1903b3462e538d30f43ce12d946a0a7618630750dd49d15
SHA512

becb80dac50e46c3094d9a745a62180209734c9bf888326084b9e0f9a93cae2417774379ba5facc989d378503d0365b77099fb14262c66dd9dca2eb65ac41b35
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzN:RqlIyFESWu0SWuGSp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4752) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Metadata.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Design.resources.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMePowerPoint.nrr.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\62e6f8514822773ec4b195f9571284e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
117KB

MD5
5b8fedba9e037f67e48a459cfc5dd90a

SHA1
b733e0411ca6ae9423d4307edf921672a7c740a9

SHA256
838d64d47c8981b98b4aa737a0452c3711a3d0867bfa2c04cb3e3d416e260bf2

SHA512
de9218dedf2c41cb60fb6d0575eb6f7fffb0deb20ddaff5e5de21b17c457c5d8871ef2637bebcc0361f32ac8cc7cd1a18618af4d0b352ca11f4b0d55d08c963b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
216KB

MD5
5015c336a12e81315800d1129e33187b

SHA1
61c0c1569158ce21e376a80be9b5d31e30544b37

SHA256
0768d99097ac0330d31ed966cc26c5eecec6c31d1f04a69f60c8fd34ba03cc3f

SHA512
17dde43dd74b07f298c93e4f1d947d589495e2970d5c5f2cab7a50e12b30bbc5303029bc330c8b275b793e00b2cc475fc09453222c351b9d9fa21b4d7e18bdac

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads