2be1290283d623c86fd0c4f6a9f868361bec440f0ebdf634bfd16db9ce8574e0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
Size

81KB
MD5

7bed9f338b37840dc154b04a442b2660
SHA1

1775607c4c977901900e895bc47810faf2ca0115
SHA256

2be1290283d623c86fd0c4f6a9f868361bec440f0ebdf634bfd16db9ce8574e0
SHA512

9aa42292fd30d45d9e00b99c3695bac295a70f134ad7f39402414d3df1724cb286ee639d63ae8645d92916a87f8d173725b29d5ad770de79c53b0268679cb87a
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKBOmOO:69WpQE0ziTp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5201) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\ApproveInvoke.xlt.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYH.TTC.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Primitives.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ktab.exe.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXmlLinq.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\meta-index.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.White.png.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.tree.dat.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.es-es.xml.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp	7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7bed9f338b37840dc154b04a442b2660_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
81KB

MD5
068101a59073f0876a92f833d2459f61

SHA1
61a24dd330b9c8da5afe9c7262f7df39f475503b

SHA256
f0cf6e9f8a012405390cd885c0277a099ffcca3d36e2737fd3f2993ea009baa5

SHA512
3f1a26a9e7d9d93fbb63e00f2f19c90071968aeca775b4e0dd1196ca7bbceb7d5ddd9d18800613ea24d4b5a64c394121a3d19a8ddd974bbce1a54569b646a459

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
874f4e95450212d0e970a085a9aa45fa

SHA1
977ed7faa4b2d930780bb8252cf645c2cc4f95b2

SHA256
18cb5c7b4380552fbb44e40d6a90f7d03a3ea9e9b95d724240dedb01ede2db63

SHA512
a9679e1bd25ab44e0762034dd731d8f120f58226fd5263e8e4e2b54d5adf862e9dcac24ede3f45ef5b790672f169e20d93d9a0160a7ebeeb8d0b9a05d2766bbc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads