b9e8feac5af79fd6006d213330b3b82d8007f31f55822c8cb2ec8f80dc2e30ae

Analysis

max time kernel
150s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
Size

92KB
MD5

c9a94d8c1ad1eb6877b6c7039f425970
SHA1

e3ffd1b47d45471871055ee98ec0e4ea03025bee
SHA256

b9e8feac5af79fd6006d213330b3b82d8007f31f55822c8cb2ec8f80dc2e30ae
SHA512

da852ba15715292159543cb9af8b92221c2bcbd047ab9e4052cd4aaa8ade60793702caf1dac85e3c6400361d061450cd9261d2815d2aa1632bca8ce1d406cc70
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76xVt:6rWpcOPxPke+e3fFpsJOfFpsJbgE4Vt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4866) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.VisualBasic.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationCore.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul-oob.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.Client.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\BackupImport.001.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c9a94d8c1ad1eb6877b6c7039f425970_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
92KB

MD5
fea4a1522cf0faf9a3bb3cd637bc2210

SHA1
6a229c5f013670a2f2c0f07ad3685cf9b538fa1a

SHA256
eeebbb5559d2f1fad9478e567f5cfd341143d8703f03c2f58b6c476ea2a6ff2e

SHA512
f946880cdcdbc7c8c1eaa7e0f45f10cd81252b92500e95e9545d6c409e821b40ad43eb7907f3fbf8cd6edb3ded98b6826e1dafd732c8979daeac9d2699c58d7b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
191KB

MD5
7816c3a9309aa8da16984de20fe40d68

SHA1
a9e3026cd1c83971fdcfd989064246be2f361e93

SHA256
4a143f1614793bf8b60284a7dad4124818337925505a847dce42390701045415

SHA512
dba2d4212b1f54ca8c326e13e7506f5f46ce19398150cbfe0b6b9f72cd880e942e36b0f08c42787713081bc28c30eee39a09b2135a595a2c6fa672b41848bd19

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads