abbce0b9b1f985f10b512e5aa04b4226dfa28a3512a228e6c7b1bda27d8f6a99

Analysis

max time kernel
150s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
Size

104KB
MD5

b90fcd05f01a085361ab33854e763270
SHA1

be5bbd74329aa12b3dbdf41892e61bbd804c566e
SHA256

abbce0b9b1f985f10b512e5aa04b4226dfa28a3512a228e6c7b1bda27d8f6a99
SHA512

12b4a733ec36050c437088a48e66f9c39a009daed77db1465949d785503905e7dceff85da714fd0aa92b8aeac80cea3a8001141f4ef809aec3435fd8176846dc
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lpHiJOP25LqrH5HiJOT:W7ZQpApjIWe+eoO6O2lpiMZiM1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4878) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ul-oob.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\et.pak.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunmscapi.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsFormsIntegration.resources.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Threading.AccessControl.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-pl.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ppd.xrm-ms.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.exe.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp	b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b90fcd05f01a085361ab33854e763270_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
104KB

MD5
69a8f1df858fbf6c8c94094a30fe2516

SHA1
970916faff49bb2d22402ef36cc59a3f3f97319d

SHA256
90e34d3a22a317d962cab4beaddae2752a4c4aa3d695af12ebb1f4d27d493595

SHA512
02ab860d1a368463d35f2d3345efade82fb0c23bc83ba502f75f05c30f6d9edc506e2156edb2e0c44c274cf2abaf40ae39a02dcaf5c8365f23c87f7ea947eff8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
203KB

MD5
d57af84ec7c3ae75abeb1f538ed234f3

SHA1
a6921e2b4e20c7c9f3ef9bceafdc81b4065f42ca

SHA256
5a55bbf74283a61b8c9aecf20926164d7deb5c988185890703c35ab44a64624b

SHA512
78e338c060c630da003585f9db48f38a8b164c9d513bee4e0eab4deb3ea7d4bda5237e08406384927f13e1b33e21fb4d099cf42c9490e822a1287eb2a8563f79

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads