da90de7e65deef99b9b1956dc26f0a90fce81aef59f69b25a0d6c0fed847598a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
Size

81KB
MD5

48f4cdc00e76404b71004d7c9307cb10
SHA1

706ea736cd89fcd28349df914d58e20fcaa0646c
SHA256

da90de7e65deef99b9b1956dc26f0a90fce81aef59f69b25a0d6c0fed847598a
SHA512

6cc20050951147a08b0ce3922356522eefcb8ef16d92adcc85943acd5282d2b1f3ae80544ff2d6b59010861098b773a4d5440229325d7f621692eca3262301fd
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhr:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5059) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-180.png.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TextConversionModule.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\ApproveRepair.odp.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jni.h.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\instrument.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-oob.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.resources.dll.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ppd.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\48f4cdc00e76404b71004d7c9307cb10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
81KB

MD5
498b24608c7453bbe9a441d84877bb27

SHA1
6075f9bfcb4603abcf360e17b7b74d13208600e8

SHA256
40e8a459dfd71ff0bb72608da3f7052508ea9a69b1458aba987850cf133f3005

SHA512
3cb99880e1fce59d8edf817ab942688e47c368661d77072071450998e7948ccc118828b2a4926090f84dcd7bf7dd571d23cb9818d6edd024ee1bb9ca55bf7f45

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
827a415a988ca5c649385fe1e305c938

SHA1
a5a3bc7aefcfb20b2de193a07455505178ea4736

SHA256
62208811ef5557c790cbccdb16df4dbbbd03f000e53cc7045da7bab612227434

SHA512
da90b54ebd2dfda165d9c59099042d6e677cfc0f1017e376ba70906f45e8df51916314ae11b4b8f5ff442624c1c4c0e22e90cd182b2c957d82ea4feb7bdcf7df

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads