cff5c9071f32593e7c7333ac260b79c6cf092450545aa0bb7c749ba82f44d674

Analysis

max time kernel
150s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
Size

76KB
MD5

c7a3bd62f5a23255826cbd24f4e9f690
SHA1

3eccf2bcd4623b748f7bb997cf8ffb4d5b7bcfde
SHA256

cff5c9071f32593e7c7333ac260b79c6cf092450545aa0bb7c749ba82f44d674
SHA512

bb0160292f15f536e209a757a29639789364c9f2e9c389c6fd0eb11f5216f35e87731f47899f8c1332a984d7b33beb488a6cc8c1db7f2f086a53679522ad4e44
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHg:W7ZDpApYbWjIlE77ufL2e+efZwZ2W

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.png.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcr120.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.AeroLite.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeExcel.nrr.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WordInterProviderRanker.bin.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_EN.LEX.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsBase.resources.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsBase.resources.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ContemporaryPhotoAlbum.potx.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Numerics.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\coreclr.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c7a3bd62f5a23255826cbd24f4e9f690_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
77KB

MD5
416c2f9014c4a3b0e043ba1385e34f12

SHA1
8c5778d4e52be27236d53d13e13df3ea13a57c1b

SHA256
8a335d0d7f151ce4af6ab1f40bfd16a416455119ae4d9903f5fd89fcad238e3d

SHA512
5691b0bc9ff9f5f23f7dae521d376202f60c8054710ff0c66f756dc77420a8d234bf902a338e966ae436f753fca6b96bea4209abbc6ebe8d67be9244b4f8ec0f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
175KB

MD5
5ef35bc9207a5d5e18629f5465f5f96f

SHA1
6121eccb3c1ccee1dcd811394b89aa1b6b4591a0

SHA256
ea0897955f3de3e05738fe8bd03603a869b514607aec499f01dcd12db5faa223

SHA512
11c6fc1328ad8fbe01f8c9eccf6d62fced4dc0cdf59aba74c9653f39e4a0d3d1d49a1933b4ad80ae2642b8335a21ece8fb12a319ccf5f80dc0af5806c3675627

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads