e50aa1e78e45cacf25051798c54b19548e2cd62e946010825cb5f7d3ebc58d4f

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
Size

66KB
MD5

2dfaea1a3760a43d2eac3154ee1e1f70
SHA1

5cb98d62aa621a41305f1b880d06584dc5f84e48
SHA256

e50aa1e78e45cacf25051798c54b19548e2cd62e946010825cb5f7d3ebc58d4f
SHA512

e96a64b3b67777e1746f0713b09668c0f7bd9df74d281e3d5adefd555661386b7b5f3367881ba387fe465fd452f22ec745028f45e0df9281a9bb06ee81599fe9
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORRea:W7ZDpApYbWj2WTWJe+e/qv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5014) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bg.pak.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationUI.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Xaml.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-oob.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.DiagnosticSource.dll.tmp	2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2dfaea1a3760a43d2eac3154ee1e1f70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
67KB

MD5
6574c7469fef84ad81fed03b5fc82824

SHA1
0d8d020f919c9ff14ac2cd1c5dbe846e01d26ce6

SHA256
2490afda1708b8c65c99fefc70672d0b4f9b18ceaea7829b5f3831c6fb37f27f

SHA512
f39cfff78ee0d95753a342e8149ec155294a0ca0b1ca1ccda12ee78faaf3f2e5f01c607134ca4c2fba481c647e1b17967e5fef96df94f0de7d8c3c3ed34f7be4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
165KB

MD5
c4db8d04fdaab6a7ac058f96ec954bca

SHA1
20e6502b422618ae8d1788783e3a14a79d9c976b

SHA256
a094a53de8bb58640307c0bc8862a56ffb56eb72bc9ab8bfc6cad7ff3078d661

SHA512
ba2267761ac3dc27cc8a004d3b1941a202b1a118d61dc6e7c3dc9f542719c6089ea4ee3851030511dd46dcd73e7dc6da5cb1c44bf5a6da1ab0f95fa89ed10b9b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads