c690479a2326e093ee405966d4ce50a8764040cb2116665e35229623183cb1cd

Analysis

max time kernel
150s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 07:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
Size

46KB
MD5

288178afa65c76cd93c809b8171b6610
SHA1

4f115a122ca24fe126ffed5f3b5dfe72e0d1541c
SHA256

c690479a2326e093ee405966d4ce50a8764040cb2116665e35229623183cb1cd
SHA512

e02ffb79cd3e94ae9320c9f51773e6290ee721d2ed2dff17320b792860df7ab2c834e2ce876a338360e7a1a8ecada9cc0808d96d3683f334dc368d0f394d4d02
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrP+e8ccT+e8cc/:W7BlpppARFbhWJc+e8ccT+e8cc/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5216) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\ReachFramework.resources.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ppd.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\bcel.md.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Xaml.resources.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationTypes.resources.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\meta-index.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\libeay32.dll.tmp	288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\288178afa65c76cd93c809b8171b6610_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

Filesize
47KB

MD5
a165bf1e6ed2670f390174bdedf2c75f

SHA1
c51cf973f728819af2e29458093aa14b91233263

SHA256
d5efba808c4b7897c83cbd7da0b0dece745360ea76ea5ec4541394d0d5abf0d9

SHA512
6706fe728fc5d2d7462e3b4092088de55edcd02fbc6a9da3b9ce46c73cdb5ddb0ee847635d2bf27701b9953797cc107bc4692cb9042fef9d59abf5eb5295d886

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
145KB

MD5
f4f03e28cb0a6a0d454a745c720ef161

SHA1
83ffea49c42317817392853660ae9b431bc21537

SHA256
34f07a0beac67e75cc8ef6d190fef3fa2140462d556fa342aee79e1ee8b41c72

SHA512
2c6618f78f2f334dd7e4822e5b706162c58e46c8573cba22971a55699368d49e88c6029410a5f193f41057c9aa39924142f965b7971b4862c2b6c0aae0e831e9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads