88cb6200d65e2544c305da5c83bc7847f3333e5dedcf4b8bdb26354084324f16

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 04:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
Size

126KB
MD5

7c6febfa47556a5adb94bee69108bd70
SHA1

8f87840ee3979cd1dba11b4ba470382b8a5e506c
SHA256

88cb6200d65e2544c305da5c83bc7847f3333e5dedcf4b8bdb26354084324f16
SHA512

a672f03f9927b06d336fb55302e5667c995f6e772ac0a62f971966d84ed0973061eb6721117061abf3dec7c98b2b94e7f3fc7873c69d06fa5f1745042d42be60
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzq:RqlIyFESWu0SWuGSwxB

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4866) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsBase.resources.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN107.XML.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8FR.LEX.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPSLAX.DLL.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsFormsIntegration.resources.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-CN\msipc.dll.mui.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp	7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7c6febfa47556a5adb94bee69108bd70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
127KB

MD5
502a9c5944edd9783c64a2821db02ba3

SHA1
5a893ced544fd773f99dd9698f5bd2f35d794024

SHA256
bd3ec810686867a82a77fe7e663c777052c67351e51e6dbf26fcf94f2203a095

SHA512
ac88485344968fb90823527f71a34f5188b8b890e9d85a95922ee7851a01c6b61e7f6447c6b448bcea2e227e25bbcf3e0ce686383ae4294450e46642e30131c7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
225KB

MD5
e2ded0376dbeff27a4f4560122e3d02d

SHA1
5b9418804d35d9d42aa1a0ac3f282711dccb89fa

SHA256
06d91327926d0dd29d2c559c3c5e7a4749d0fd409085c1b0baef86ff2e2d0945

SHA512
c8015b6f4dada0bab31edc8295d8b3ed036780dadf2aee428c3da024d8e47d044f83e3471bd8bc42d48eb8b700e75ee4a665647ce665a56b180c2c04b0696f18

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads