b67bc8cd6093155c12a0925cf479d7e9be66aec3e55e8e347f1bd1b0fd28486a

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
Size

88KB
MD5

dfe90576fb06b7c915c1b531ab388300
SHA1

7144c9a325c7203eba9bf855980c8d190e5a4bd7
SHA256

b67bc8cd6093155c12a0925cf479d7e9be66aec3e55e8e347f1bd1b0fd28486a
SHA512

585bd3d875b2bf5c733fb51ab3a52405fad062329abfb0a1c25ea7bdb89914d295e5e75b906ef5703c58edaaf9906bdad9a57f29f102053c67a8a957ded910c1
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76U:6e7WpP9oVLQthbYY9oVLQthbUvJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5033) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\ReachFramework.resources.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.stats.json.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ar.pak.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PEOPLEDATAHANDLER.DLL.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-ms.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\dfe90576fb06b7c915c1b531ab388300_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

Filesize
89KB

MD5
61654ae9209824e71ae3a15e0f2746f3

SHA1
225858b4184c84a5226694afe391a91c845cf883

SHA256
6eb6f63785df3090295feb85a6e7267ee39d7f511f1e4e02dd87fa50a1b141b4

SHA512
81f4338bd9f1b13c09bac3d95fb350fb1899be43c2f3fbd1f3323e8915d724dcb3a463d6ec98db24652305fa3150406b5e206214582058fe497df592ab4d34d1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
188KB

MD5
ade89fc610948a8d5cfd870a848258c0

SHA1
ff00a5d6eb0b7c61d044b2d2b7aed258abd00999

SHA256
0a907538b98e430d25350d3c751d30014da5075debd856c634ec2d2a8b8ab3b4

SHA512
92d01f7a8e3f5e9770ef5d1e04901ddac6b5b78ed7e28b45a8a1fe884bf5d2c042138e57d49a7672a229ac41cbeb9980c6d4fe7c88274fe24125fc49a0aca5cd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads