d99bc249566cf24f6eb869b23ae2afc3f1d8b1931a7ad3c94f928d39f8290f82

Analysis

max time kernel
149s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 10:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
Size

84KB
MD5

6b1f0357aba421d25cf78a56225adb50
SHA1

d78b2d09ce058fc985db26a9f235688193c70330
SHA256

d99bc249566cf24f6eb869b23ae2afc3f1d8b1931a7ad3c94f928d39f8290f82
SHA512

6369b03f17fc58280c6137d62995964db2aa55e05de2d815418e6e9a8a248fe6e2e3e530b89a6496f725716231b760060f8d1b54f860781c9b57d9fb9f4135bf
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303hHUsJ:6e7WpP9oVLQthbYY9oVLQthbUrt7t2r2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5021) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-oob.xrm-ms.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN105.XML.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-TW.pak.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationUI.resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.js.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.AccessControl.dll.tmp	6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b1f0357aba421d25cf78a56225adb50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
84KB

MD5
a6f8af86244edc267a2f318f8a356ca6

SHA1
c87c1d9214fa69109c69afdeb15738692f61a3e2

SHA256
51aa1e0317ae88dec0aed7cb156ca476ff09c0d5907ccfd5663859df38497614

SHA512
be63ff01784c8af7bbc858580d6782e6249314ece5e2ab9fdc2609ce7381bd404e8e7a3d622af5e0c632b2109b5ead6f6901316ff83326eec1af8db172d9f7a7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
183KB

MD5
a26ff6301032e84227beefee6be33455

SHA1
add6cabe64739fa0fda6bc7581c86a75b39c0149

SHA256
43624835c9ff83a6fe348211c1f3014faea1e7ef57628921d63b6a323119d5de

SHA512
ca048931ff56ee642f1563d49997940f973834c8c0d4ebadad4401b3bbfefaaa2a40079dc401079156121fd8493952b1c2d221ee617e9c4bcd5937044ee82d88

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads