1c2caa1c43214dd9988175f1a6f5a032c3daae1535d4b64e70ff2d4cada5c511

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
Size

93KB
MD5

2beac02a4c438cbff9473b7c443d7f60
SHA1

226505326b45239487b1ada85d66438b35d790d8
SHA256

1c2caa1c43214dd9988175f1a6f5a032c3daae1535d4b64e70ff2d4cada5c511
SHA512

b2aa5f40fa26cd090ac6a0dbf4e31a5d99a453bf5e8d8b222ae19796d3c41c1e3e1302631e91680ca7b8ebe6a035d84b6b296c78b8429450a2ae1c8b52047478
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76PDn+I+6:6rWpcOPxPke+e3fFpsJOfFpsJbgEOD5

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4843) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\WindowsBase.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\release.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Timer.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML.tmp	2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2beac02a4c438cbff9473b7c443d7f60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
93KB

MD5
52fe4f4b4dbc0142c9b7d24e6c876258

SHA1
5f4c74dca58c636c6d6a57f3257dd355ce344f51

SHA256
1f369ecab6b28fa4f855d1c450feae7edcfac3f705e268e39de037678d9ea591

SHA512
6da9988a4cc7b6476440fc5528de724f228bdc87d977c30068f316050bdee5d717e684a4f24b768c9324468521fe7460163fcec60dae2a5be144c1e76adf82d1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
192KB

MD5
945d2cd2e7e93f03659cb0db3bfb4b19

SHA1
e2459aebc97f7319394136ef098b7bd8a79405ee

SHA256
4f367ca8069ec379aae8e956bb0ad5962053cdfd6ab2c9a182c35a3feb922c25

SHA512
26065d59509e050d03d309766e69053137ac0fe686759b8fc889aa734826244bf6a5a475c4409b4c7b691997e62f3c62435868e8ce4ba40aed53c8146fafd51d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads