6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
Size

37KB
MD5

ef56ed4a383e6eb2efa34931770f7380
SHA1

22d6a8935c70258c4e8179030e28200fe226fbac
SHA256

6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38
SHA512

de668cb623a4b016bf015a6a70437f81401e06ece03258a725c9bd11b95ce67dd8efb7dda5bedb14803997a9b0e51084b796e3c3bacf4e5e6b8df82063092292
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrq91ujF:W7BlpppARFbhknrAujF

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5324) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-conio-l1-1-0.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.NonGeneric.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ExpenseReport.xltx.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.tree.dat.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Reflection.eftx.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TellMeRuntime.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoia.exe.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.White.png.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b8060a7eff1acbbf66d3e402562c506b04e2a7254a94eac272f2603e740db38_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
37KB

MD5
82e647751cd44d789d88a39ba86fe8e0

SHA1
e5377624f05c816dba0bcdc49fb9f9b8422bd091

SHA256
bfe394f227bcefec7c181cbaf9ef548785967e12d7730af1f7921de2fb2f8119

SHA512
b0cc596b82f6fcf849bb707d3a1371485b8a61f451c587a1947a6f38003c0bed432c5329034d6bc1cbd9c5da4eec9887963a052161985fb1d9ed45d39d466dc2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
136KB

MD5
e2188a8d163760a44944f7acaeb9be93

SHA1
a39e26a5acefba0da08511a65cd9583bab140d26

SHA256
c1d929439b483427b0c69505e71d385c96bc6d3bca005f43b4fb1e53e3ab1085

SHA512
59ba227e437068725f09b04d5f4e7b2e1f8585b901132597ae3ef1f87beb08af6fac9f730b0631baa62c8f66a590a5fbc0eb32af3948889365f7c3d70935cb0a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads