a6ee812e21387830b5cb0c112a3a217339295a8c1238c307db29f2db69616a8c

Analysis

max time kernel
150s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
Size

129KB
MD5

4b6c7dd19f6f630166f16d05b86cc0e0
SHA1

216edddc0ec08c6854458a348a3e8e8200b1db40
SHA256

a6ee812e21387830b5cb0c112a3a217339295a8c1238c307db29f2db69616a8c
SHA512

ef1d4283acb7b8eff67f88ad9da7226e5ebde3c70d6c2aeadf9f679f308456e87b29bb7e5e55f66d7a29186a447589db1e8ffa76b29cb9164bd4f1b03e0ea037
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c50KPK9:/7ZQpApUsKiX26Ka4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4695) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-80.png.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-runtime-l1-1-0.dll.tmp	4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4b6c7dd19f6f630166f16d05b86cc0e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
129KB

MD5
394c39b6cc576ae1e5c82dde6130c911

SHA1
9701be596f05369936c8728059bb3cc25d74c15b

SHA256
ac31b236492b3635a9a2a2486df7e0a7152a06b3bc651feb14c845fbebe2f729

SHA512
01ff176944a51b3759b884dd1f1caa9113235b195b627adccee3991d6a407c8f93cefbe9b4e483d771c0e91e1b524844e9aa532bf602d754cac4da4ea77da35e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
228KB

MD5
e906367a4ae3c221a511490a029f4453

SHA1
0c7b911a42e5e20bab4ea5bcb3718ae5d086592c

SHA256
60cec91f6f1f5c6013806264f3bb50386e621170281248ddf879b1790b87660a

SHA512
6e3b41b82ae80a8867edd23e9cbd6243057ffbfe8b6eaa765d9053519636152b525870b6b8faa50759ec344ac0f896c27368fb6fdb62c50821228df8c94a7dfd

Download Submit
memory/1188-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1188-1782-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads