d3e8d0aa2e73edd3e3999bc83d7f262344ed44575fa211c062406100e6ee465d

Analysis

max time kernel
150s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
Size

96KB
MD5

2dbacef0e38d62ee449c439c518252c0
SHA1

8b6e852e1737d00cc7b6a08814c75adcdeab63f1
SHA256

d3e8d0aa2e73edd3e3999bc83d7f262344ed44575fa211c062406100e6ee465d
SHA512

c5d0b9dfdb3911b6d96a5ad3bcb98432b5f5255a817b7f996c6d8172edb5e714910a6f65be77ceb04095a4ce103142cf733c50f25f97013243ae1d8527e96075
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEDJYoAJYo7:tFPxPke+eIDJYoAJYo7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4940) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\CompareRedo.rmi.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN103.XML.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ul-oob.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2dbacef0e38d62ee449c439c518252c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
96KB

MD5
8e53c1c098b1b12adec48ed2ad4bda60

SHA1
d7060dc0b70012a8193cf65d6935504c74c72918

SHA256
768028194126fd5155671ccb021f9091b8bfbdc665f1892f0614f5d20971ce55

SHA512
fbdc3313527db68b2427cab70a964dc0420ac71864b58e057bacd6ced1d5bea03c03069257d2302958ee26ca545f249156bb8ccf48dc93fb63d44100a96abaee

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
23c9e481cfd8819ed06d8dad483a1d41

SHA1
f59e755fcd30ad040099d1c5f6fc3180f8ebdc23

SHA256
65bca92d16c1997920961a7819ebd68056788797c0ab49dc5cb92a563d029d21

SHA512
a0c1fd3ec549df3d4c8f62618a61190f6bfcee8a5474152a72e3f7d9083893b2362f72d02ea238347d2188b0a0446a0ab07e30df5c93ddbaafcd6c0b1f103d16

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads