52fbbb3003165b91b24f64855ffca24b8b66d9cbb202099238b089f73205eb88

Analysis

max time kernel
150s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 08:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
Size

55KB
MD5

aa9b804955aa4cfc0a36bf0963470060
SHA1

2634ed575fd6cb5baec49e053fa552da0033527c
SHA256

52fbbb3003165b91b24f64855ffca24b8b66d9cbb202099238b089f73205eb88
SHA512

c5fb1c88029cae8a61754ebbb008e0b4e9c5f30faf5c9125b6af71652b3b191602cbe0f796d3f6f4e453ba84ff5d1f18c8e0ae73833bf415ae3c00cecef2140d
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2F3Fxve:W7ZDpApYbWjCDOEve

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5014) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Xaml.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.png.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.GrayF.png.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.UnmanagedMemoryStream.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\aa9b804955aa4cfc0a36bf0963470060_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
56KB

MD5
4e84c4efd43e34b4edccc81f9830142e

SHA1
7d1aac5585a56f9f7a741aa36399f359ade54c23

SHA256
403ca524527421fd63bee16e8c874f635be555cb004d8ab8f5eda63219475372

SHA512
9ef4d44bc12f8b193033dd56a15ba7dc598dbfac3aa5f2051223f52a9a8e4b03c1cb8f0e3f9e9ddf910fa108c2c27838ff1dbdd8bb1f45096e29fe8e96922e4e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
154KB

MD5
5f777a762de4c5d5aaf63c97a3d1626d

SHA1
53b3749aab18c8cbadcc0d1cfa58d7c542f52272

SHA256
2670d7b3cc11572b4a083374904451370ccbb25b8b0426972cf8f35dbd0c7770

SHA512
72dbb067d879e6708fdd90bdab616d2aaef75c156485e65cd91721065f706591dcc07127e8e1b1aafcd1244ddbda474e774d6b7ff2501b7f8eccc08d52284d90

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads