f299d04335643d3bbce66db238edc0b43b25be6a7424386a7e022dca514cc558

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 07:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
Size

99KB
MD5

d0b2faf3970ad39429cb88c20a6e0680
SHA1

1a30dfbb1e6bbaa31eed1492d1ba144faa176be0
SHA256

f299d04335643d3bbce66db238edc0b43b25be6a7424386a7e022dca514cc558
SHA512

099607cd2c9273e6a735973acb45c9ad7f5c47dc844875d949e8387fda70d3ae52ec2df5c4998cc43303a16fb1e09b6a1250b56f9c29cabf8f69fd4adfe04e02
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOfFpsJOfFpsJagd:RqKvb0CYJ973e+eKZ6gd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4863) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.DLL.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Concurrent.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\DisconnectDebug.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Controls.Ribbon.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\instrument.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ul-oob.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\meta-index.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d0b2faf3970ad39429cb88c20a6e0680_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
100KB

MD5
57d2afcd424464fd6a1e8d22531cee68

SHA1
fd0bee0be35f68ac70eac47375c74915bf682830

SHA256
999b7736fc8232f97792313d88f57acf8ea61a7fbc7f0a8ca57daa5bbe420630

SHA512
24e0b3c87bf74f833db7838fdcb031b0eb46a837922a7aff3822b546a4072e37e2ac250b2243a9b4035a2d9226970241753a44531f32206542e917454ff57d59

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
198KB

MD5
af2d0bc97d97e8e5323ba0e139db65e9

SHA1
5458e21b4d092e73ccc98d520429d4679ebdffa8

SHA256
37bed3098a0d83071af75e7b46671a777a52390c70f2d8d5908c838924cfb578

SHA512
b39358bf0e1694522b17e51f1f466cf13655e304dd29c8434193a9abaf4a391827249b8766bf5452cc5fac2c1ae79d62bd90419a0e9a7679740b3e328d0c7dd4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads