696f541fcebef1c0f21ac15935ced4921b3d725c57e7e25b4474a14adc4b8106

Analysis

max time kernel
150s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
Size

99KB
MD5

c8473517e24a271802836cf0f8cd4b90
SHA1

1cff937e681342d7f9eb67e73ba012fcef5b9b24
SHA256

696f541fcebef1c0f21ac15935ced4921b3d725c57e7e25b4474a14adc4b8106
SHA512

0e3b717c86c39260dcfa8c3b653f749e33f32a4b82b08e34f22eeb569ae9f0aacd36e5a1284b1c2455bd0f39e15073343380df1868280d71a5b3901fed608230
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76RbUkeV:6e7WpP9oVLQthbYY9oVLQthbUv1keV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5109) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore_amd64_amd64_6.0.2724.6912.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Requests.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationTypes.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-180.png.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoetwres.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c8473517e24a271802836cf0f8cd4b90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
99KB

MD5
aeaf37eefcc28d983f25d6e87ef5f14d

SHA1
32e654c226c583c476c8ca217b1675cbf229b62a

SHA256
7a137504d11edbe2091fcad8fa11c342c61e2113957278571a73641e0abeae31

SHA512
ac421643cf3ff7596953af55a5e467e63a59e7fc44ad7bb1ad2680c4437e3c0ad01e848806ad6c8bb9d8d79cc722ff8ac4ee18d503dd6cc15cb1c302d8f744a0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
198KB

MD5
9d4e0d5349b7b4176565b8f130ed6d85

SHA1
b9c36bcdf90e97deaaf5abe7b1d704f1ee12cfd2

SHA256
fb693541f9da6f7a7866bc9b42b7507a6212e0f5c0ec72e5a7666f407ee1a485

SHA512
52218121ab4e9edde06cbb1bef25d2ec62b224471808c98cef1c7a58fad52603883aab0ccd09529f81c4d1689bd34a80762894a9c730cf6d3ff938d3072cfba0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads