04ef0657684665e012809188354c4a659c5a23e537ac75f7815b3f6d59c5825d

Resubmissions

10-06-2024 11:56

240610-n38v7shh6x 3

10-06-2024 11:53

240610-n2aa9ahg8s 9

Analysis

max time kernel
149s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-06-2024 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
Size

44KB
MD5

117bd28085d2185f59371b20cc24add0
SHA1

37343497c15e5e6da3b77aedcc753193946700d0
SHA256

04ef0657684665e012809188354c4a659c5a23e537ac75f7815b3f6d59c5825d
SHA512

b5ed674dbddb2fe2f7487f5e99d460ad339ba546d1f3bb625336177ff9c96c42fc9087d9187f61e97b363d4ecd80bf62c380310c627ce40cf841e05ab1b7850b
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDb:W7BlpNLpARFbhblkYlkuvIYFWcDYcDb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\InstallInitialize.mht.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL120.XML.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClientSideProviders.resources.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-pl.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Numerics.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-CN.pak.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ul-oob.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ContemporaryPhotoAlbum.potx.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\mojo_core.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPSLAX.DLL.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp	117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\117bd28085d2185f59371b20cc24add0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
45KB

MD5
54eb2dc85b45958de70c33826d5aac76

SHA1
996ec9e11a1d29a071d5916343b0f8842cac295e

SHA256
17793d822ee545c7f939719d8310746aef8321ad821e0a053347c1217201073b

SHA512
62100fb32dbe703099900a0ad19be9f912111bfcda0c14817401d0d9bc225ee79a4c84952b181b8b6ad64c86ceb45043565b80e3bd2ffa17d0480dbfba13c529

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
143KB

MD5
106c5a90f5483f8433276624c6511072

SHA1
defe916249081c457a916785008d54325602714f

SHA256
706c0e58d578271be64a0c9a9df4c4caf62d1c95a208292f083c9c22e95cc682

SHA512
a67b2be7370fd51a9edbeccf53457a6a6eb27d6f55306955c02a79f06f6d99d52554e22926f81829cd63a60f74c7178c23a3123c84bbfb6d5a77305375694dd7

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads