37b4c66b68d48058a40696e14e2da8db6b5f3d3b1fd76d08ed7acc76db29465f

Analysis

max time kernel
150s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 04:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
Size

68KB
MD5

336fe09958481ff99980c4165a327a70
SHA1

cbc82a8723a85218bd1950921ce10c78a038a831
SHA256

37b4c66b68d48058a40696e14e2da8db6b5f3d3b1fd76d08ed7acc76db29465f
SHA512

42557fed82f673d56133de22ad3cd1e0216ca07c07e6a69d4058647c57316c0cd084061a899e9493467b5b674a155c94fff88c161a72c329c08d38eaa28f4d90
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuWnwXuvvnwXuvI:W7ZDpApYbWjIlE77uew2w7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4862) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr.jar.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMePowerPoint.nrr.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationCore.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp	336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\336fe09958481ff99980c4165a327a70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
68KB

MD5
99f9658c327f67a9de899e80341713a0

SHA1
c2fdf038b088bbf0467740d6d5457473ad7d546d

SHA256
89b90d4eb66cec1cc51b801024d296423de7d5848201cce0e25395750fd81a3b

SHA512
49826749266e845cb05dcf073091088418c57110f4b0820ad2253c1049223d588b6231c31c5a6b33fd7cc9e31455907dbb67e17906399794141dc3b0084d5a55

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
167KB

MD5
09f9d4956e4f8c08e7ef90f523de6e43

SHA1
ad425638900f355bfddf50fe4764f06ba36638c3

SHA256
0c072b8a9dca2425668421db64205efe171ab4ba6fcee47b8f37d380ef065dbb

SHA512
56e035b373a1733cc89b04c0b68b3e0afd477f3c7f3d9babfd2a46d2d0e325b34789e4626cede15aef48eaae26830a46c1edab8ec25ce46ae5aec0e762cea418

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads