987239d7212f35be7662d736cb7cb812c5237f56ab354f58f198cfe8a1bd7095

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 09:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
Size

96KB
MD5

8cb3454d255d16fd35e5f709c7a3eef1
SHA1

29d2c87c62d415a4113eb697a1d161bf8641ca3c
SHA256

987239d7212f35be7662d736cb7cb812c5237f56ab354f58f198cfe8a1bd7095
SHA512

f6fb72fbd111c55f093e39e4db7969adbee3722df94769683a1ba500a0c20c46f166008fbf70c3dcc9909b36815363be7cb8ed9a15cafce0d77d45168288133b
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPFywyP:6rWpcOPxPke+e3fFpsJOfFpsJbgEF7+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4864) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\eventlog_provider.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationTypes.resources.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Input.Manipulations.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL058.XML.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\msipc.dll.mui.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8cb3454d255d16fd35e5f709c7a3eef1_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
96KB

MD5
92109e86a1010f51b28e7310e196756b

SHA1
062c4850cef0df33bbadd25286cfa6a94461c6ef

SHA256
1832a70e83cac42d0f42c8f7286ae5fb0c8ffc3aa675c808ed13a0f5d05eb7c8

SHA512
67410dc51e8ed099bd093ffe4ba28865033af47bb6c2c9c307c841280389632fbdf83805d885914fbd57a50dbc765db324875325783a4e9617cf37b3616d38ec

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
f53de60a8b59317de45e9ae36b5a2d3f

SHA1
e11935954ee9f7cd7685902aa1f99fc28bc44c48

SHA256
fa45bbadbb6df04646cc27c3fa6c5a6d4ed208940922fc7f2e8093e1ceb6b1bc

SHA512
c0f24c59862a9a82c74cd1b25dd973970d282adbc50760c2779665da5bb3fe065c42a116382ea424ab73c3c3455e33ed6ee50cc2076f0c1348a54a8c9f8c437e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads