8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab

Analysis

max time kernel
149s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
Size

93KB
MD5

846fe0c8e2f2bc32ebe47791c591a100
SHA1

84273d2527f03baae96de3ba439a1600e8af667e
SHA256

8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab
SHA512

d431010c169f09b238d1649e68a9c0ca39d8626337de9757621da7e86c78f66ea2c8144accac73e2ccae7273d293e60789feda93dc3640942894685d47a69007
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSsktFElEM:6e7WpP9oVLQthbYY9oVLQthbUv+W2M

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5187) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\net.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-pl.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.boot.tree.dat.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ppd.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\msipc.dll.mui.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\manifest.xml.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-pl.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe.manifest.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Invite or Link.one.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnvpxy.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp	8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8f64e8b189927740c0c1306bc739f53090e9da9d761a03f3050ce43647a1a5ab_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
93KB

MD5
c192f5ef9a09234b27ab48ebe98d7161

SHA1
13edaecba66835d95687a765f7531bb5b4534f65

SHA256
526fb95b84d9ad4967661721a335a9b7029649c36b99556c07770ec710a8c4d2

SHA512
43c4e2f39abc6a1ee64548bd50920598a438b882f855aa4f024c9154f9f25341bb3941fd48a37fb398e84332cdade3c434c08388dbd4d60ee085e43cecdde95a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
192KB

MD5
c96bfa4d80cc737a0a7ff13c531c8bcc

SHA1
e7cf35d90a929befe5056b62e1e54b5b18feb701

SHA256
6ad228c78916eda7a4f785ba860f994471e032247976baf4abd43b4bd64339e5

SHA512
bfbcef0b349ab434c16ffd935519eabb8e95346209891fb9180b29fb84dc1f05e9bd1e99ab10c36a60b91614dcc52b33288bb826066069808e9aa457921675a3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads