e9b536a3359030bef54f302b7beb25bb2194bb72c12d1f6c4a57e2da19c1440f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
Size

77KB
MD5

9f75355afc8b28c726c3bf2252076e80
SHA1

7bfbfda1f07131ac93ce759fbcc36c2764e144ee
SHA256

e9b536a3359030bef54f302b7beb25bb2194bb72c12d1f6c4a57e2da19c1440f
SHA512

c5fda34c5d64c169d8fbb697d6cfde57502360a1d5189adec8dd853949313f1957ffec3c4c867c9fdbd6347f60df6c7eff5591e193f9d0127bde151156d71ea2
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7YWtMQQQh:6e7WpMaxeb0CYJ97lEYNR7Zt1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5030) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Primitives.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationFramework.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-pl.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9f75355afc8b28c726c3bf2252076e80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
77KB

MD5
0d8d21d609ff1f1d797a3849a33bcc4b

SHA1
39a27b6f910d2f7aef657bfbf65ad30498c7451d

SHA256
36df67fab06b801a159b97693881e33040cac8107d92c22b17744e1dec690b38

SHA512
3ea2019e254b64fc75c767c341fab16c93346eb39cc643435b29980f33b34670aba1cf0fa364b0c5fcf9318b110485326aecf70146a25bd30ec3fc728f659129

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
176KB

MD5
bf61c29a320fcc3447365513552969a4

SHA1
7987c6545a1e414d0a44270836449bd394e3f432

SHA256
15a0deb9be790754b4416b77009ba00219c751655dba127665de8055bf27c16d

SHA512
b1e768ec5285830e8444f7ab0585f982154b6b4103741ec095a4fe135d8bfbde164d702968c8662337bf24a4f651b4ef70b1db85db9e5a7f7d04b8c479db0136

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads