e8a53266dd662105b3c6ca7c502a6d6dac7eef47e41f8fcc22c067b3619bc120

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
Size

63KB
MD5

eb0140d7fe73f75db53f06a84790b2c0
SHA1

fa06332f1bcfcc59330e9b9aceec21403de55e54
SHA256

e8a53266dd662105b3c6ca7c502a6d6dac7eef47e41f8fcc22c067b3619bc120
SHA512

c237ce90b9eb19fd8d7045fcf0eeb116715b8673db4f281214ca029528f71d950cdd8c74e0a5f4035997633c4cbb589920c425ddfb29c448b310262540b592f8
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJI:W7Z9pApQESOHepOHe8G+6E65TGApuwuL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5206) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\manifest.xml.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-REGULAR.TTF.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MTCORSVA.TTF.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationFramework.resources.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png.tmp	eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\eb0140d7fe73f75db53f06a84790b2c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
64KB

MD5
d17a40a71d65aefeaf0b5fcfbe8ee6b5

SHA1
93a53f0affc8b9f50eb193c90891a8ede8e78460

SHA256
25358dfa1af9a995084e17fd2fa8aa54b3a7431bf195403ec340cfe81b6a3796

SHA512
19bf85461ca3c4ca6932365b8e697b71fd9e5ede3801670cca8b9a27d2c369182db838cd468fb915eef96327f7bb71c0071147dccb8c604a9f5834c87abd34e7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
162KB

MD5
e49e164689f978b843042678ee862a77

SHA1
772435ed2057cb60f367f23a013ec4f8f43c77e9

SHA256
2e17938a3ed7a7f6300e048134fb92847cd645f823cf790faa13e889da12ccf5

SHA512
db0cc7ef1301c12035c514abf550902bf19ec8d45f5bb42681af6779c26a12c09c9a5cf5221de3c8fc280f281468289e77f56681ca087b6b115ce1bfdddc5007

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads