f7a770f9e024d3698ca57bfc4533092cacf644d6ee48b6ccbbaa0abc7fd7baee

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
Size

79KB
MD5

3b049f733e3c089073a90bd2b02c79f0
SHA1

0b7f5399a2ae51159ecb19888ab0cd3721f99469
SHA256

f7a770f9e024d3698ca57bfc4533092cacf644d6ee48b6ccbbaa0abc7fd7baee
SHA512

ecd5473c22415b9c8cc5e1b5fd73d5df01b563f651d6df82be4f853025b35bde12c4ffd265259089584ff01bd3870ce9b555596491b14d6359b6adb8fb52080f
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/8p:6DWpwE7oL2e+efZwZ08i8p

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5027) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-TW.pak.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Memory.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\LICENSE.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp	3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3b049f733e3c089073a90bd2b02c79f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
80KB

MD5
cda712a81d901ca2fa660f3c4cf0e8ae

SHA1
eb1383d46ae574afdccd9b8fe64af5ed5c622e0a

SHA256
824c7ee849b8994c8e1ad33da480861e411041838985d940232b38acbfde24b9

SHA512
d037aee55a36128b789a76628eacc31f88b6850d8c16dd5832e016b0805942e1e7b8cfd6d1a60a36fae6c706cd280b9740de964b20b74a2a960f08de4ca4fb5e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
0d7be7a75ee34941c3b34330cf5b5de5

SHA1
4241192d108de3f9d1d5c6ce76a4badd069511dd

SHA256
c0a5cc3380f94a9b30a51d149e1c794264295f984290c4e7c7561129fd806b78

SHA512
ff5376c79d2697874c769f233872382ef70d3299135cd3cc0078c7dad7d7437f8040cdf58f67eb0c6f0e8134a600aa6357bfac94edbb6c4c08208fbd2a59f3e9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads