08b9e88b7b7193d5d1f49223dccd6e98b4372a5a2437838f7ff50908f634e852

Analysis

max time kernel
150s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
Size

46KB
MD5

d4e267d48b52c8026b8cebf7cb7bca80
SHA1

ceb489253700f92adf5bcad38f9bb7e34be356ef
SHA256

08b9e88b7b7193d5d1f49223dccd6e98b4372a5a2437838f7ff50908f634e852
SHA512

1d22bb77b05a8bd0bb3131213808736f7dadcba3a3be78424df6eab15af9c28edb99d246be6c274ddf9362af6d85672cecc4dc37ac9282a4007131df71d7c8b0
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbN7:W7BlpppARFbhWJQip

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4832) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.png.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\FA000000008.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ppd.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationTypes.resources.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.png.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d4e267d48b52c8026b8cebf7cb7bca80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

Filesize
46KB

MD5
1acca571549c587c30094ca412e1f855

SHA1
23526e20b723c957c65d1e841d218ec3e9cf1e82

SHA256
b5f53bfced0087277e19ed8e65a15211a23765cae6e6f530e8ac4fe9533f9247

SHA512
6b992ebfa812111c557681fa099df5a475244ecf7435be3b1ce66c9d7993569bd40cd24feca76affeda80c3a49756585c9e243e487919a96781c61fa9bc73864

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
145KB

MD5
de56681aff785783d4d34299b9b590ae

SHA1
ac7ce9d9c0421ac5625657f08868a46c521b5094

SHA256
132635dbd5420865b0fc44caaa6c0ad5076126835210ebfed3483c18e7841644

SHA512
9712574ea8c092462e00fb7123aa26958078db4c6bf8888403ab42c3257edaab02fc7c94bf378fbafe2610b233a3461763ecc5866c7e266ed1fdbea4492f2257

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads