91c635b6a5f86daad9c8c34cb1d9ba2664b9af7859eb5ef96a58e39d1739665f

Analysis

max time kernel
149s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
Size

81KB
MD5

6ce105989cee9277afe398df73865180
SHA1

6a155ae3fa9226af7e28e4fc42857ad64cea70db
SHA256

91c635b6a5f86daad9c8c34cb1d9ba2664b9af7859eb5ef96a58e39d1739665f
SHA512

1ddb36a4e997b4e42dcb32558505a176453c5a107ecbfbed6868fd31ee0a68a3bb98fd192603f4b5c5785419ac45a9b0da49930a6729182a04d32c51cf08a8d9
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJJ:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFc

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4828) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\MSIPCEvents.man.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrjit.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL111.XML.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ul-oob.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ru.pak.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	6ce105989cee9277afe398df73865180_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6ce105989cee9277afe398df73865180_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6ce105989cee9277afe398df73865180_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
81KB

MD5
4f554f04c322b30c0e399d08059c0591

SHA1
6fab680c7000e5d3de658848d07285889c942d94

SHA256
ad2e69694f8a243100adfffb90ece678067a9a4c5c7a009660c9c2c574ece00d

SHA512
85871a8a21d6fcfd298a1392b34f8b2bb31b30645a4741697ce3912eb2724fd8c65f6f5d5009a7100206c71ff125de459db06d9436960989cf81125eac385426

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
0b6da0473feb336e6240366cac133557

SHA1
3483e9571ae76fcb388681dc900e706bf446eaf5

SHA256
d96f8b895ca90fabb6239b0632166b8cfec04069a232b60693a637b47e8e8832

SHA512
075d66a1230ed5251e1b62e61f400f09c1d204871e7c53d57f74c1f211c8a390213628073c559c67fc4177b083786fad04a925e88fb572f70d92971f1cabb5a7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads