0a0a68266cce7b1ff9d7897d7b7492ce7be2477eac5fbfa5b1dd3ca885d74840

Analysis

max time kernel
150s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
Size

104KB
MD5

7a26853f8a47787a1590ffbae9f28e50
SHA1

403c57f6049946e216ca6c2dda86e9e27831bffb
SHA256

0a0a68266cce7b1ff9d7897d7b7492ce7be2477eac5fbfa5b1dd3ca885d74840
SHA512

9b4d6f3533cf50a2a0a9123297a5d49258cd90458bf3713768a8cd1c192796483f356edaec5d76fe5c5ecdb262af80e8c3b1fd063b3e7f786f79e8ac934ea384
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lpHiJOP25LqrH5HiJOX:W7ZQpApjIWe+eoO6O2lpiMZiMB

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4823) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\WindowsAccessBridge-64.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.resources.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nb.pak.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ul-oob.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ppd.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_fr.properties.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-pl.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\AUTHOR.XSL.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationTypes.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\minimalist.dotx.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\LimitMount.tif.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\bg.pak.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\InitializeRestart.pdf.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.AccessControl.dll.tmp	7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7a26853f8a47787a1590ffbae9f28e50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
104KB

MD5
7b31e823d9e6606a1ffc613e5ce88f0a

SHA1
bc93a7bc3a6fd3cb7b06cddfe93f7180457e7924

SHA256
6fd9f7a3d43948759fbcb4272565f6e0dd8e02880b67129d6e78548b7f9ff81a

SHA512
5b3b3e3eed4c60c41483e754ea3a5686213bd3ea29cace84885b5294858373425dbae21a251ccbbadb3806441de927ad63c96c9dddc6fbfcb359a27d1f902e82

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
203KB

MD5
40eba20dd05edbd480551aaec2523042

SHA1
3a6605a6f231b297ec5ba44314a4ac67becaa03c

SHA256
3d7c8229e50ac95d222ac706c851774306f4ed49b6336f021f23df704e501135

SHA512
c4f03622ba3852c068037cc69f8764832975b403871d49128e4b873d8e0f0551536e2a965e33c74bbbc66708ca2ca98b726f8add7b6c91751234056013ec1d5b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads