dc00cfcee5c7902fd56c6d1d418d296d0c3df84d3690518ce0adb019dde24a76

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 16:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
Size

105KB
MD5

efdf56182e690449b43349b1d557ebd0
SHA1

d6118a7f66412aa1db7b9e28685af55e7483ac88
SHA256

dc00cfcee5c7902fd56c6d1d418d296d0c3df84d3690518ce0adb019dde24a76
SHA512

35d61ca859f37e8da6172b929a8e8bf0cc7b27b430d125a18a1c110cf4c9390b23bac3d4ff6001f08b244f31b04d314c8af8253ce1aeaab5ffea63fbb5b6856e
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lpHiJOP25LqrH5HiJOG:W7ZQpApjIWe+eoO6O2lpiMZiMo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4856) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsBase.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-phn.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL110.XML.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp	efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\efdf56182e690449b43349b1d557ebd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
105KB

MD5
a858345eab9e00d5c2c2dcc1600944f0

SHA1
0eede25f8659777d4fe8f0f2cc29d72c06a56ba0

SHA256
aae5306fbc0cfb5b7d179e985467569b83c722bde102fcb9cd17dbcfb5864d83

SHA512
e844fbf3fa4b3c7fd1158c5a80da95064744206616318e97e803872798800029e86d18840a1ee31edc161ec4688097ab10445f665aa3bb83e49244b9ffffb8a5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
204KB

MD5
3cb72c797de358114b0642208dc343c0

SHA1
24dca830d23793b90d335e2d7d4d48c04c77cb01

SHA256
8cd884ece8eba39425f150aceddb236d7752ee958e76f9477c07f3a35f2bed63

SHA512
9800fc0f964bf6cbaa2072cb422b0218246a473f0b65d37bbe538c94052e09cd892230ee0596a29ca36b42238c3c4030b977ad8a44cb254b0e8e1bca4bf6debd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads