e450a7e63d07a6cd03a5ba7c006f4b468318e6311185a2b4f1d421b830098fae

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
Size

99KB
MD5

6b33af4d98d97f856ce120c2e0d798b0
SHA1

f26485bea23bdf65bd3c7d05fdb5612420948371
SHA256

e450a7e63d07a6cd03a5ba7c006f4b468318e6311185a2b4f1d421b830098fae
SHA512

31aca25f4a004368aab4e0eed884bd9950b97af362d385f3f07f402c62d2e8396305d98edf3ce00129538b7dcdf5a4177ee2b95504da2c4a758344656a0be190
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNzyOoyOllk:6rWpcOPxPke+e3fFpsJOfFpsJbgExEU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5005) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ms.pak.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\net.properties.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-pl.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libGLESv2.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.LEX.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\msipc.dll.mui.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\MSIPCEvents.man.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp	6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b33af4d98d97f856ce120c2e0d798b0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
99KB

MD5
84df3a1adbdc7bff87b2ebc4b6613262

SHA1
c235f562eb802d7623abcedf85aea0f1f428660f

SHA256
b3eb0257e83bea57d7ac12d813b3f41e8f6adaa5886e1dc5d3d05c084bd24002

SHA512
4b20fdac4160ad886415797107fe51cf9217674d26b9af2ed46f035817ddd58f0e4334322c878843ad3d59a5447397a577fc9867e16131788d20b79bb589e6d9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
198KB

MD5
3ce729bd40ee76ee215846d459a877a7

SHA1
c44288de60ddf237b77f48951614a8a950d9c9db

SHA256
8f0262be05622f5e479e73eac839664aad575eff678fbea3566df5d26d46c252

SHA512
f7dd6255873bce773c11e3fee0aa1a9dceaf918b64b4fe110121f4f02ae2b52ede1f0f3babb568cbca7e50f1efcad958c0f43df0256c3ed47c41a43ca915585d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads