df65fcf586b56190b1ab6ad5ed234e945e338bd0c2a3a488a4d72f0bd9c95fa6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
Size

91KB
MD5

d67a3f9f2762cebf532897092e1060f0
SHA1

606feccf736b041779374f49285798e024c5e61c
SHA256

df65fcf586b56190b1ab6ad5ed234e945e338bd0c2a3a488a4d72f0bd9c95fa6
SHA512

452bcb5c59a31bb898bf1d5cede2c948fd17b97671dde4930c191116debbba2d44d925c611d3b03d19a42dbb9fd8db2d1ac5467f79c4fb23b5535cd51781a8cc
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/m:6e7WpMaxeb0CYJ97lEYNR73e+eKZm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4834) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\resources.pak.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClientSideProviders.resources.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jvm.lib.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ul-oob.xrm-ms.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp	d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d67a3f9f2762cebf532897092e1060f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
91KB

MD5
8afc44153d4a129d66a839a49767e688

SHA1
802fae14d06cf039018b380b581cd7af62c103d9

SHA256
0e1563a31f21c9ee2dac19bbd4bf1b9c50cfd5f2c8eeeeccb18f8d7137ea7adb

SHA512
332c77afbe675a92f228572f4a2ccbf84861f2e4c7e83805ed3897593abc5827571ea3f0539bf4365813733a8ce5518e7e44b7893ce3cab7a6f79e4168a92f41

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
190KB

MD5
9a627e29886aa169ff9642505dd99467

SHA1
9557c4d401e139d78028f60d4773d1d3e97ce830

SHA256
e97f31d879701d9068c0ed3e764622e7644b6a4096f35cac60db62b8a25d4119

SHA512
234d24106e58fc3a4db19c40f45a47bc814756a834cf7c3b6f27cffd52390d0555eda8fdbca3ad9699d374661624d688ea88afd960e73704903bab4ce8d194d7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads