749b2326c1e8f24b704daf4df3f7ea7c6b49f61e8a3bd81c161a77d19a00fb67

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
Size

84KB
MD5

d21a93ea107b8396c94d5d00e8136800
SHA1

ca7a2bbd39d0af9d8c4175a11cd6af9517cd7cd4
SHA256

749b2326c1e8f24b704daf4df3f7ea7c6b49f61e8a3bd81c161a77d19a00fb67
SHA512

14179a20822dfd6ce6c9966da74bcbaa9b70886abb8e0b27142b3217c28248cc73a804411a7bd39f64fe1195a1427ab88bbb07fe39aec819eb11ff54619d9953
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPq0:6rWpcOPxPke+e3fFpsJOfFpsJbgET

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5107) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\release.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.onenotemui.msi.16.en-us.xml.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClient.resources.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\manifest.xml.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Configuration.ConfigurationManager.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\McePerfCtr.man.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-pl.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.tree.dat.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.boot.tree.dat.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.LEX.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.tree.dat.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ppd.xrm-ms.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d21a93ea107b8396c94d5d00e8136800_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
84KB

MD5
b8e63269d613b292db5eb99c55e254de

SHA1
bb0f12dca8795acf01b4b2ffba045f1fe8a85b80

SHA256
ecf082d137eeaea18a49f629f6783bc597f119900b31136449fc97dea83b5a88

SHA512
e1cbf8659deb1cae9c6938bc36859be61934503515954abf4d8130af43214f575e375e7acb068e8b747352741451dbc872608d5b4106638f3118226f990d0340

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
183KB

MD5
078bf4600c74f74f2e248992c9065cf4

SHA1
b11f0c63f47ff528d83c9228ba51ec775df36350

SHA256
0ae0fc61e04dbb6796834a301e93037f7cf0e2b653ebf02e28841e1fcb6c5278

SHA512
a1adea2552e836752fcc290fa54da669dee1f247a3d3e63f0b0f39cb803e98557e2f6c9208270434da54b334033c3b3275949e2f6a4c6f91633f61bba4d00f69

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads