1cea7c6d522d6d1708455e2bc9a8538643f93dbf9b3ba32e5414eff6cc9e7d4a

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
Size

131KB
MD5

b7cd59b7c87e8f8cdeb5e513820bf060
SHA1

f88580014c1279f1c713ff735d7393be2c771112
SHA256

1cea7c6d522d6d1708455e2bc9a8538643f93dbf9b3ba32e5414eff6cc9e7d4a
SHA512

d0488bcc58587edbe1aa4f9cdcd8b8f2fb8703e53708b4cce233da836d2a4ebd4130818e6128f69eb626e1661334c2d1c0b543746e129298568d1d78034a97cd
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOG:/7ZQpApUsKiXBvzwvzXJvlwJvlOf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4863) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\README.txt.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ul-oob.xrm-ms.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART12.BDR.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL.HXS.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\LICENSE.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Input.Manipulations.resources.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsBase.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ul-oob.xrm-ms.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ProviderShared.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OWSSUPP.DLL.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\ReachFramework.resources.dll.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ppd.xrm-ms.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML.tmp	b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b7cd59b7c87e8f8cdeb5e513820bf060_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
131KB

MD5
9494067f719650dfa1dbdf9996daa1a4

SHA1
d2c359d5bd06fcc0566f5b5016a07154d2ca5a08

SHA256
f4e47c6125ff7c2f10143eb578815a1bb37a2381b8259aea67c93f0658bd63c5

SHA512
6a998395fb1771e54e5b91a414f501f4be4bd23870d03d3380b5aa4333f69ccf065c33b8676830b565afad5231c063ce2a57476075a13c8f410529c8d604d893

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
230KB

MD5
6310a4b8052cfdce7e8ec3b453acb825

SHA1
22050dcb24cc2fb9d9ada212acf26ad8c8dcdd52

SHA256
2b7da57c1af4aaa4dbf2d6b92f6ffccc6aa9d6e21b458a7056e38be5f26b7884

SHA512
e74c6a9f73383c49efbb1545ce4465b689d219c5c9fe50e6bc78759d2ff965e344b4eeb7814ed65ea39fb926bba9713b7b7f9c396c3a9c5b280b49483b4ff5e0

Download Submit
memory/2948-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2948-1784-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads