6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22

Analysis

max time kernel
150s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
Size

90KB
MD5

bfc2e9b38b1e84ccde167465137fca40
SHA1

a0ca90579b6b90d924e4d55f9abafadd9d3a66de
SHA256

6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22
SHA512

b969f2c623afed9ca825e24672d85cd1b93c368b37dead0f22658f81ff8461a7c5fe3eb7b68f01bbdbef89ddf95211bd1fb5148e0f16c66dc0e97f06f08ad1af
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/OfxRfxHAu39Au3pyDxsyDxZ:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7s

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5037) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-oob.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-oob.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnvpxy.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_elf.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\WindowsBase.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Design.resources.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-pl.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.DLL.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jpeg.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRINTL32.DLL.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.png.tmp	6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6acd6b27db4e53b71c8d8284b269cf95bcdac184e18869ba68d1a25304494f22_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

Filesize
90KB

MD5
9bf1065ebdae67b5d49ec8e2899bda8f

SHA1
f2162c98257ec7b7459d635e681b94914d93a84b

SHA256
fc05e0ea138988a44db7cd02cde12e0f03be4bde81cd387ebbf5a6a7fada5bb5

SHA512
7841a53b4db504a4ee5a9941f3ae43f3f04784cfdb94905a15c4dce4a8474efed3390ac765ffe0e212dd8012c20a7dc83a7bab7ce929f849452e6e25bea515b9

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
189KB

MD5
c6425b55d0c9ef4c5cc70bc8894f2826

SHA1
8c1ebdba24b54a6b44867a3bd3a61c1d969957c9

SHA256
7445a6138caa45c6809fbb827ad10cb8b7e437fd71c66f2bb190256ba3f49f0d

SHA512
6c346f39cb5be3ae0b8762e265a1bb2f2ccd2b54a049b8c15d5709e9dd2d787553d3b6aa189113420b5fc2787723473a486f2e63b4934e0204e547deea19b1ea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads