87a0b9b90076f7a396216b0107e4c8b08f051c132a99cc355546b84095ed8ce4

Analysis

max time kernel
150s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
Size

131KB
MD5

22a02b1bb6d1bcac48c9d6234786afa0
SHA1

7c2d0401217715dbd2f42bb4848baee88e70a9ad
SHA256

87a0b9b90076f7a396216b0107e4c8b08f051c132a99cc355546b84095ed8ce4
SHA512

90b2fe3eafb4cc7b96df8a53c018e49b2f4fa79cf57b3119b1f10bc527559119b7a434588825c68cf18daa205487550227b9c19c27105e8938385a9c66fbea03
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1j1yMKxJvlwJvlo:6QWpkzlfFpsJOfFpsJ+n6jByhJdwJdo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4823) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fr.pak.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-pl.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7fr.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationTypes.resources.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Aspect.xml.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClientSideProviders.resources.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Design.resources.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\22a02b1bb6d1bcac48c9d6234786afa0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
132KB

MD5
b45a0c026d1cb251c1ba5e384201f735

SHA1
c38aa1edf4e564bc73105f6d42d1c8e088993d35

SHA256
6f1ba6d9560625e23fc565f57bfe4ac7c965d1ab148785dd115e1f03e57d79f7

SHA512
1c2c75359fd429ebc852050c8bf4f2c7defdcc9d9726987ca09b601d964bfc5a5f9794291d07c2bf03fbd9a7c01179c3e0129a65044b8a7b84364743c4c6215f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
230KB

MD5
c2f22b7dfe099b49684a20d4fa21a719

SHA1
5c0e761311cce0639f858b1da40518bf817a809b

SHA256
9be533d8a1d08c34cf945f64df181b0704e6e41df3957220c5edf64ed87e98df

SHA512
b738d52406f26157c6c5d0a109a4601180830b711fb29c380a3ee332462e07af546a057f5a298013e39098aeb2bc9f914e9c2222281e3e78c00a976ab0b731ea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads