b52f3395bfe4f1bf894a84bbe34110eb2f49e3ae073388ef9f74de9a67655009

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
Size

77KB
MD5

eb8d5f273f2d2562946782f90ed3a760
SHA1

0b5c66201ce1b349f1f766cc9b126b58f5fea51b
SHA256

b52f3395bfe4f1bf894a84bbe34110eb2f49e3ae073388ef9f74de9a67655009
SHA512

47fe648f8e1be5c0bdd99321966931d52e6882a4f633887e2ee80fd17ac62ad5834dd424391295bf3d1ee1b0b5fdd4088e0cd3056a92fe7fb950ee774afa88cb
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/r:6e7WpMaxeb0CYJ97lEYNR73e+eKZr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sl.pak.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-oob.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.AccessControl.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Xaml.resources.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.dat.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.tree.dat.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-pl.xrm-ms.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\eb8d5f273f2d2562946782f90ed3a760_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
77KB

MD5
39762e8a62cb0de58038ce75081d8e5a

SHA1
b8a665c6fa1c2c6c8a3870dbc251a744e63cc85d

SHA256
b02e0e32dcad0f6ecdb3e17ab20d723c3e0fc57d5f448c9ca00776ae772a1ad4

SHA512
76017d2fd54b47b91cb285ce6baf4c4f690e7dc49a2b98eeda1eb83987ac0baf10011ab7b0727695b97209010443bffcbc96fecf5fd3b38519ff65d67ca6abff

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
176KB

MD5
ea11f9b5abf85fd788f31510cb03c5f7

SHA1
2262d00bfbfeda12d0f56fedfcb47735dfade69d

SHA256
bb97865216afd035d9e4c78667d336420ec9379ca7b7bd90459f13fa8ead7eb5

SHA512
8266879f9326adfe07a81b06ab55449398adc34f67c1963c8f4d53a074085c905d1f10a9f9ead5cc5b0c75dac8c384a0dbfaed89b23960635980d2d815243dd9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads