d319534f97396915e13c9944e71dd422265c4f2c7c53277e3a73640d96e789e0

Analysis

max time kernel
150s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
Size

80KB
MD5

cd41996d8fc4763384c08ea5acf3e260
SHA1

03e70d72bb8a9f2523c1a8976c33e03500d84c1f
SHA256

d319534f97396915e13c9944e71dd422265c4f2c7c53277e3a73640d96e789e0
SHA512

90d1876788260dfb8561ccd4b05d789385497f26dcd34839728a31493737430e1c61478497b67f0679c9df38fcc9f82a552418ce3c8ac8c1b399ef7e05232d08
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJ8:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5130) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.boot.tree.dat.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\BillingStatement.xltx.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.boot.tree.dat.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\vcruntime140.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ReachFramework.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Input.Manipulations.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.did.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.boot.tree.dat.tmp	cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cd41996d8fc4763384c08ea5acf3e260_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
81KB

MD5
948d4a3c97b95fcca3c1fb14321c5d81

SHA1
8412346d207f4fcb216fcaede29aab17dbf37e8a

SHA256
7e74a5835aec864a31e3da77fe605f42754717bdacb4171c0327b3b0bccf26c3

SHA512
b063b3fdd114a7e6344846562f3b217f1475a6ea0883730854a041f37521f9870a805f45cfde50a7e0e01025094b475c39e27eb3f78611231422cad9233e4b4c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
179KB

MD5
bfa3bfe7d5818416d883de8b295cc42c

SHA1
99b1714a612b2076de5105ad09cea448e8fb81d7

SHA256
b978ed53a6816b07e1e0d9044da07bf5b8fee10e337250e29531ab96ecd9b242

SHA512
5f0ccd7002a662596c7531f2b2422f946a62bd5df1f412a5c35f3554d8c7f7d286e8740189176e5e5e0e665504abb4be1ed7a8e561bf60a1403a030019738a3f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads