cebf909f5070f4d3327249858a14a8301190a1fe2e4ffb75db3f3c21e16716e6

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
Size

89KB
MD5

c8f41c7bc4b8bf127b65d199549632a8
SHA1

8c388dbc97c5d661dea77a3748104ec54bfea098
SHA256

cebf909f5070f4d3327249858a14a8301190a1fe2e4ffb75db3f3c21e16716e6
SHA512

2e3fb376945c68b9c942f9c0b8a34d6ac84203de4f161b2e5891849fa35fea15113f980152cb7bb3d83a7ee11c9058495ab9bc578e73080fe2934be47bcefa60
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhs:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4650) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Input.Manipulations.resources.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hi.pak.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO0127.ACL.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Primitives.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\EnableResume.potx.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationCore.resources.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\COPYRIGHT.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c8f41c7bc4b8bf127b65d199549632a8_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
90KB

MD5
92a16271c941a4c99d8c621fba74569e

SHA1
e4b892850d57c2db1ee2ee2153039d91987384b3

SHA256
915f40ed9cda3c0593ee5e0f8350fa594442ed14528d843a96cfe77c03e52d2d

SHA512
e1a4f48488a5b2baea72a121c49d30944827c98cf5edbebd22a9638a8c93a97bfaf00b8f8af463e748559fc9e3d60d965313457c2a3515418e7d49e345fee3e8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
188KB

MD5
a24cae9290b787e4123a07bb4ba6da79

SHA1
b43d6b7f723a3a7e83085dc47ef4d1eea6d15e38

SHA256
dd7e184a600a040e879b0ef43473b2291c985fe82f4d652819148d39a8a7f338

SHA512
b292e26da5ce2a9fe4b781719de64f008e7c75c71683b05b4fd4e08ff28ad9b78c7a7b6a4dfb0b5896e397e0a1699b0c754a0755784cf6b5245b660f36654618

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads