df6f0b61ff2f6ec34987955de90fb497ec42d84b3fcdbe142dd0dbaa662815a0

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
Size

78KB
MD5

578fad7450586bb046ad1668a64a9f30
SHA1

7c99d5c2e38be3c1feb7308b671ac8d8de443005
SHA256

df6f0b61ff2f6ec34987955de90fb497ec42d84b3fcdbe142dd0dbaa662815a0
SHA512

16e03c31cac1878150c91cfb5141f4522b7bc7c091404859dde4f3e5d43549e6a7289fedf9f232e6a71398753f3efe3221845b7f8ec738ce1e6ce6b75b7c712a
SSDEEP

1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOM2kJOMIsKsc696xZ2:6e7WpXYvndS

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5038) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690Nmerical.XSL.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DLL.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationTypes.resources.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_wer.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ppd.xrm-ms.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.IsolatedStorage.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClient.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\gu.pak.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

Filesize
78KB

MD5
ef36e616ef0f41ee4d421af0a1968e68

SHA1
c08f7fefd4b603e9c9de7bcceb94e83c43851d39

SHA256
bbbe76d887ad519ee687d1b8dba9058edf66b1045d58939b56fb6e60e3aebe74

SHA512
4c49d6de8e3fe07b2f8c30dd402fd053351add6a4e32499bc1a3582b800ab9a8b023795b2d6f688b7a67ca6d8ae31b7deaab5931d6b528d3e9b65a937508f595

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
177KB

MD5
70d1da15a3995d43240124c6934fb291

SHA1
f07dfdc307d64a7237aca31c64d6ad58f47723fa

SHA256
3a8982f3a98cb86dfbecda5dfaaf1f013d0d6761237bc39951d8695c424c3b32

SHA512
ae6e985c65fd0ca11bc158cf444ea0d670a4b6704ba41c60d1be78c345ca444fd3fc115dbf501e9c6e57e3e1e515384c7ea4f5416c57c815b98689ed468f6ed0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads