6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
Size

85KB
MD5

3c9868d648a2a6eba861504d8f663d00
SHA1

210978a82897863fb3ea4c9ef1e6f126fc6924cb
SHA256

6b8eb957742c0f51fe0c9081d5ae6785f6afc9c81ccc28b045b8b8b6a03326fa
SHA512

e5376a740449677dfdd11eef3b13b0b9ce60bb94978c085f980ded145d9991805c496835bb9152e0a1fd7a2c763af21608a72e9192e8bf4ff99f3b1b388af2d2
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Wys:6e7WpMaxeb0CYJ97lEYNR73e+eKZy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5005) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.Windows.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN058.XML.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\AssertClear.cab.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC32.DLL.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.DiagnosticSource.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\README.html.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c9868d648a2a6eba861504d8f663d00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
85KB

MD5
d892850145b5612ee5e4105f915e6cc4

SHA1
daec83b75079cf42c9a65b3eda794f1de9ed0b6c

SHA256
482eb1c94bcfb83196ce36e985752084c98acca18258bbeebb334e08c78236bc

SHA512
b045566b6cbe0316ec47e66ddb6f1209f1abd7da4ec4dc0c6201e2d598fc9580975e0407d331a0906bfd7bb72b5b7d472f21c62cd45cc74a2092ff06b07aca41

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
184KB

MD5
a8b5b7899b658c50931955e6959ed638

SHA1
965c44dde2ed823677c286c0d4dd9916faa364a1

SHA256
060bde15e0748225087600b4e8df77ec4c0d42f01e804e95adbaa7a3fdbb6623

SHA512
9b15a525054208084f8cdc1f21a5194e97c611e7eb63bbbf1f709967592adab24eb10438dc6496a6da18547de90424e5d08fca0478346296fa696e85541c2aaf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads