4567b7288a1415dbedc5e8f0202113960e3b0f2bc044de82c4457e193fdf8561

Analysis

max time kernel
149s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
Size

40KB
MD5

59dc21a520480ba66ee1c80c9251e6e0
SHA1

b577be81e159c99260c2dfb6ce97aca547ddaf4f
SHA256

4567b7288a1415dbedc5e8f0202113960e3b0f2bc044de82c4457e193fdf8561
SHA512

bea139f268b3e8569440b7c734ca36a9090ee0b24aee227c0d304620de349a39ef6ca50c8bfa0042bcf0fce8d3d86a562f4cedfbc6a9d5d1db6253ffe8d47c27
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKru:W7BlpppARFbhWJ3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5113) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XDocument.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\PowerPivotExcelClientAddIn.rll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.dat.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\misc.exe.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-pl.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bg.pak.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.resources.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\LICENSE.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmux.x-none.msi.16.x-none.boot.tree.dat.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\59dc21a520480ba66ee1c80c9251e6e0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
41KB

MD5
c81a9c0acbe9c75c6c6fd3d2f8ae7bd5

SHA1
47e07c03afd507afdd236c0a2a7070a4c24f851e

SHA256
436af3a21b3d797f3debb5dbebf017567bd5d97bdf7f02677e89364fa3e7b538

SHA512
f2c31f044b0a968686eabcdff960995cae24858a787caec8078490ef22d88992cda8f3afbe748cf66d86de2c4a02e10ba6f7b9fca486f0b740650d995f982b0f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
139KB

MD5
e08dd34a57f78ef758caf89e55f8301d

SHA1
cc2d08e28a7b906897a6d1ec64e379a7f90003fe

SHA256
0bc8d1db081ca52ef09c623908f8002330bb9a2bbd7cbd55161cd4667f25035f

SHA512
ab3d7b073c53189879f6059c9994dfb316dd7ba06d6f3b41ea76c5cb11f5a8a3f6ce433d75263e5c42f0216eed27654e490a146b1c52baafd597c519c901791d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads