be289b4beb5ce5f4f94b2cac800a9c2f98370d90153d64d07b858a251fe97c25

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
Size

81KB
MD5

32315afbddc1d765d866de9d2d18b8f0
SHA1

b9e475104859a114d4647209714a07b3e95a05df
SHA256

be289b4beb5ce5f4f94b2cac800a9c2f98370d90153d64d07b858a251fe97c25
SHA512

2d304cc6bf87a3280cb84ed4b28dce2677d6801680554ef7cf346126b26abd747129f30eb794077093b2ecdbaa881fafca70b4deb73c63fd0828fa570ab6542d
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhG:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WordInterProviderRanker.bin.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Design.resources.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\upe.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\STSLIST.DLL.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.boot.tree.dat.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICI.TTF.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\32315afbddc1d765d866de9d2d18b8f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
82KB

MD5
86d19ed3b3410f9a3025d0de4e64abcf

SHA1
f36e34460068f3f9d598cdd285f5819535e2ebac

SHA256
3848fa84e0961423b6c4e574416798d3f28d221f2da8088c1fe65e2387564d38

SHA512
17b750a04b7b792a98b37983b177537afc9e5017b1af06eee0e213c88295791a22c3063173d1d3bb88bdf6363363ad9945688925528403f29dcc0a0f83a2a7e5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
181KB

MD5
048b42881b710e21a3fa2bab00166dda

SHA1
e49f04b46e94871386116b09bd2e11b015c74146

SHA256
51c4c58c552df9dbb89cd1553bd104327c392b9326004dbd534534cbd8224239

SHA512
f088e08e4b49dce52dc9a0e78eb3faf34ba3a7ba078468b449bcc60e1e9f21bb41bc3b5e88bfd00b7641676c15e2b0ced7c2dd1984ca6de4b43e9027ea441e41

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads