734471f27b4e38413ab5210e13f4892b6205cb1c626fd3f2e35c577272edae09

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
Size

81KB
MD5

030996139e3c5892f63859717e3a1820
SHA1

c7c09d438a99c6e94e03f0aba0fb6bc783f48945
SHA256

734471f27b4e38413ab5210e13f4892b6205cb1c626fd3f2e35c577272edae09
SHA512

af85de2eee0c31e032157472a05af5b63f0e97b12742a2566d035ba551be75687904c68f6c038af54552bba76eab0a8d0173426f8508f827dba609c3f7cc9b93
SSDEEP

1536:W7ZhA7pApMaxB4b0CBlEVqNR7Yge+eJG/x/ejJZJe:6e7WpMaxeb0CBlEYNR73e+eKZ0ze

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5102) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\EnterRedo.raw.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\msipc.dll.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-oob.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationUI.resources.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotelemetry.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Xml.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\030996139e3c5892f63859717e3a1820_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
82KB

MD5
eca6d0f1519c1809f21582431259d8bc

SHA1
ff772e47c1a2fbeb21894286879735fb69f214f8

SHA256
9beb50e3cbba44f80d72f77d551e6520082bec5b9b33a4badfa777343a9d3b74

SHA512
499302a5bfd18f01e7bc4fb3c034dcdc15dd2437bbc4f6c437354aa3d4582ea3362c3ad2022ca43f66b3b04dc4b9cb2b38cfcbb9db4d0170935bc02e52dd5cfb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
7b4020799afdb701db190e4c831678e4

SHA1
56d5e27f2f1ba01de43e31bcdad80c68bc7061cf

SHA256
9954208a361668880935c6738a7d8e041201b9a38891e29979774f3de0f5140e

SHA512
6ff7c9b172e8d488a4259c9a0fb97ac23f9371382111ffbe463937ccdb6ec58e22ee12994f7fa5e8280a6f9991cfc3f500a32d204589f71fc4c156905e64dc55

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads