8d66d8a5f29f0854be95ed4a75865a5b19d82eed5023450d4538da29d284d8e7

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
Size

81KB
MD5

66e5cf0b8d1620dbabbb5ac95585e870
SHA1

f6d7bc1231a6c029fd445bd09c63633c52bdb2e9
SHA256

8d66d8a5f29f0854be95ed4a75865a5b19d82eed5023450d4538da29d284d8e7
SHA512

5b88f063835d04821dfdee57bf97855deef1f0c52935084361cac3603de301ca8ecd4f7ce67a8f5e00fd7887ac76b0d3972fe2e69e8f08511ee6bf04ab49ef70
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7YWtMQQQH:6e7WpMaxeb0CYJ97lEYNR7ZtL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationTypes.resources.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicudt58_64.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrgc.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\cs.pak.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_socket.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-PT.pak.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\SPPRedist.msi.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.White.png.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ppd.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp	66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\66e5cf0b8d1620dbabbb5ac95585e870_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
81KB

MD5
d0489d0638726e1ce56b8e76e7635b47

SHA1
daba243e716f433a7ff330cfa43f30b5addfb4c6

SHA256
b19ccce942d826f8ebdb66df3740fe97daff90ceaf2bfc0eb14f8f17dbc265b9

SHA512
ca1b33492f0780e5a4987795b22cc9d872c42a5157ae38f12abfa09c4df0bb1dfa61d41faf185b4890f87de487e2fe4a7979b825bc6179a1a5c6794d86700cad

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
4997e626c2a8231b7a4b8fc4ad0e6e87

SHA1
df95a3df494d547649caedf5e096dcd08fa7edef

SHA256
55267dbfcf0b18509cc0dff60e3ac64210c6e46b7b81de4dfa5c026748f07419

SHA512
abe9a0a4caf29a76d5f1d691885f1edb01f8c5b329ead34f4de1f747c6371b9dfe5dc29c11c0bfb88ab130a112c1fc2bffe2fafc12827ef182e46386269e17f1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads