1d486a9cd4f88c5f97f5ee01538d2c66c196a8d010b4cb7da0400b0b8ef79f9c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
Size

82KB
MD5

94d8cd807e8f05c8e506f1a5386942c0
SHA1

a9a227d3071f984ae3e5f6400c53142080a7faf1
SHA256

1d486a9cd4f88c5f97f5ee01538d2c66c196a8d010b4cb7da0400b0b8ef79f9c
SHA512

f68332802650dafba7a94d577fe41cca440b635acc7749dfeb375d122bec1ae474ed6898e3d01f6f8c3c49be4e1ec8d127d6889c1f483a48f94463f10c85cfd0
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303hHUss:6e7WpP9oVLQthbYY9oVLQthbUrt7t2r3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5196) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\MSIPCEvents.man.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Xml.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART12.BDR.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\manifest.json.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sk.pak.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png.tmp	94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\94d8cd807e8f05c8e506f1a5386942c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
82KB

MD5
e3185535960368339e106d4351e0689b

SHA1
fe73fc4794a63de3bedfb6549cae34dd3a328674

SHA256
faa3289dd910c99128435d86de9c368d0794043d0cc8c1f0a4ae57a6a41b7f73

SHA512
1415428685f42f5775beeefba25ad5d35ed5dae3a89f419938c46021543e62d4881775f9e3ec64061e69279a89aa29b162d8ef0e0578cdf597badd1d4de0bb5c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
ac7b642a2986cf0acc6d635ee6f84c84

SHA1
df7f302c066e410d9420d8a2b0a50bead387ca55

SHA256
528c7865126977211eb557dda37ce0cea08f8bf779475a3f2262a6d27c4bc438

SHA512
791f2a14423e8df66d37a0985c03a69d880761b5f2848f7520a02fc91b0df4db789eb3cdaa2baa5873783aba16172e644cafec8400e5cd552c4fe206f263f848

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads