d944c91f88061542778410b7f7b01ad9a9adfc9511e2d2eaf4be96f5fcf239a1

Analysis

max time kernel
149s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
Size

123KB
MD5

2b29dc415e061657e4cf327b0747f070
SHA1

328aa52ecd7dbaf65c03328c576f932632c6176f
SHA256

d944c91f88061542778410b7f7b01ad9a9adfc9511e2d2eaf4be96f5fcf239a1
SHA512

8015b4e61fda3b32456a732765760353a487c533c8358a40de2690f76cb608360dff15e00209054406a0cb926d4da9eb07ac9c88fd54c5a5aadb54bf2fc5e4a5
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1jrNf+I+M:6QWpkzlfFpsJOfFpsJ+n6jd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4835) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.Messages.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Primitives.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationCore.resources.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.Lightweight.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXT.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationProvider.resources.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp	2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2b29dc415e061657e4cf327b0747f070_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
123KB

MD5
5458d65e0166881b69ab4948d3d75436

SHA1
0de71b97bf67e380874e3340fcc22153a19ccb31

SHA256
2bd657e7961ed913d9b2dadea0d972ee57153a72741912c100af08648bb16af3

SHA512
d527e9e3ece892ba0b674facee24f6f64a31848d5d82441f32b8f80ce29de8cc5448b9b944e092e4e2b8b6b1bf0eab0f474bdc0300b4132a86940f7d2c98e163

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
222KB

MD5
9625569ae314e03b62d8f7d6d5f69f0a

SHA1
5c512d79d654e3a8aa2c6ab6e3b3037d2448a85d

SHA256
50f59892a7c6347f294cd5f8ebc304ed684bd44ccbd98d0da978d6d379550964

SHA512
1547409fb2f92aa98eeb31cff11e9fb7ce3fec7f4aea504cc882aabc7f4a07b9ee52354f4c6db404c0c12d26aa5d1fd281b27c4290fd896bdee98241ff1b3d36

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads