d300607b1aaa20bc277df6a41f4260f6fa3d96109faaba6495bdc81e7e34b9b1

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2024, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
Size

100KB
MD5

474f86573d581c16a7b9eb7fec82c420
SHA1

11d27c330029e20cacaf74994d0fa150f610e6bc
SHA256

d300607b1aaa20bc277df6a41f4260f6fa3d96109faaba6495bdc81e7e34b9b1
SHA512

d40df5e27486b6e20fde44e3f1540fc42fe324d6a190dfbcdaf954f58601e6b9d9adc1ccaefd399740315aaeb95c0a9329533feb25f3700dcea80c175ec40ea0
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPFywyeSJ:6rWpcOPxPke+e3fFpsJOfFpsJbgEF7sJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4842) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\el.pak.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClient.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAME.DLL.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ul-oob.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-ms.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\474f86573d581c16a7b9eb7fec82c420_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
100KB

MD5
ecc3ce90dc6ac40d1a95fe501908f84a

SHA1
78818fc34f596446969449e3343f77b7ca4914c5

SHA256
714159ba554b0fee8cb8289163d102636860ac30b4d6ea5d1c80dd1793514b66

SHA512
4aac6b61f00933407efe51ba99ea5880620d8932f96ca2254d076791c14d7f65fd1514627bcb0a8914e7b89320520b3bfac6dbf3a889b03a85236b3617cc5cea

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
199KB

MD5
d9f7791ac2829b1ded780344e82c57dd

SHA1
9f799efd8f8cc7f92973625d6a6cb295e22578b5

SHA256
9eec7bfa94d84b0571189a826d98d3fb028425352517364bb69b7aff672cd6b4

SHA512
93a1baa33c0f380202ea4466dd3675de0c32ac69c552aff1137e7a35771bb311f1f03e35a93c812291e13f846b501aac1356dc19107bf4f63ba45ee722203bc2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads