4eb9a3d6fa079de71cb7795c7cc87825619d2ee6179d8dec0f944b430d86e104

Analysis

max time kernel
149s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 08:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
Size

81KB
MD5

ac23a872876ea9208be292e69faf8ef0
SHA1

7c89bd05b71c9e629bd0274d78d605be6337b3b3
SHA256

4eb9a3d6fa079de71cb7795c7cc87825619d2ee6179d8dec0f944b430d86e104
SHA512

a4070b4ab13fd8e9d4696597b867909390f7afb3f8129b5ecfcd22d84032d2e80a709a36e2d98ba63bc9562744085f1fb368a7b6b04a8323eb22f96360b4a1ef
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/xgS:6e7WpMaxeb0CYJ97lEYNR73e+eKZj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5186) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ul-oob.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL111.XML.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-phn.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OWSSUPP.DLL.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fi.pak.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoBeta.png.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BIPLAT.DLL.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lt.pak.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHIC.TTF.tmp	ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ac23a872876ea9208be292e69faf8ef0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
82KB

MD5
2faf79408d6199a0cda5e920d1b22faf

SHA1
676254f67f6cc3bd55c47c8d3a6d9018aac133b3

SHA256
5a8c2c80d4b16138edc6b5b90f169ed429bc912562a3450d9caa80cffb5305b6

SHA512
4132d3373caf1e8e361015b3b21cd9b1feec03b642fe2ea30b7544ee79216239dc79ed9a8649264ad0a11b55863fcf4ff280225fd1d087cbc5ff7921d097c0de

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
f5dd6cf7f9315d663a95d2555d71ace6

SHA1
b894f00f234a9893ded4bc6a804823987b3bdf49

SHA256
8b549ae31607cf35b7446a640f285dad0c0fb63f2fee671abe334caca21b4103

SHA512
b2857351d3beb511485e720d47674a4174537959cd9b8f04ff14c6d0fd86af63d45363f77cc7811bb17a0b78b0d3c1f9a904aa018014f05319fed3a8b94c9b74

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads