1f05c224d5cf080c4035267ebfba2437d449355e65f9a95ff20e2e311157a7de

Analysis

max time kernel
150s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 21:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
Size

91KB
MD5

fde78d42a8475c4f3b0f8a49ae38e010
SHA1

cb2d9f69f9928e3fa79b523dc5edb36260b45aa6
SHA256

1f05c224d5cf080c4035267ebfba2437d449355e65f9a95ff20e2e311157a7de
SHA512

5f4cb47a7f0f136c36d07ba8c6d155e8772c5b3771bf5b738612810cff29695d8b157992b9ac491d75142f26f9922cdcc5f987234723bfd551193280826bf00a
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNE:6rWpcOPxPke+e3fFpsJOfFpsJbgES

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ppd.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ul-oob.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fil.pak.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\AppXManifest.xml.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javah.exe.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONPPTAddin.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-heap-l1-1-0.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.tree.dat.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp	fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\fde78d42a8475c4f3b0f8a49ae38e010_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
91KB

MD5
9237761177b4d8c44a673f9ff6f9dce8

SHA1
9baa0284a03352178d5730e7a6d990896c2f629a

SHA256
4e15586c95656a2d6bb0f4c694e7c04b5d76de7af59e8c88937133f4a54e1e5f

SHA512
7ddf1db7f26a1ed3eb50b95e828e69f9cb484dcecb45e80e6c33a404438345d53d4ccb7bd0cdb61762a321c629e4b4293b2e9ecb1bc71220fe191925839567f1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
190KB

MD5
fcc070646f2a807d5be3b181c8a93d8d

SHA1
ea3340e1404a2daaebd535d8593af2b1547b9052

SHA256
448c086bc8a4283214256334b058519a5cc1cfbb9231801dbf69678ef0bef443

SHA512
e2ec072fcc56ef5fce59feec110f4eeb0143125ca6c681004a509a4bb99dcd1f071a41c6c1449307da618de5706ef02f8627ef90298989f5376a63d5ccede58b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads