9d58a3188e1a36bcdc1a6a33a809a4391c277c34b2f4b06a411c522541813ff2

Analysis

max time kernel
149s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
Size

131KB
MD5

b831a4c4016f84c774a0bd0764dc7220
SHA1

e383b71d94300ec28e5d7fba7e9e860da92ad3b1
SHA256

9d58a3188e1a36bcdc1a6a33a809a4391c277c34b2f4b06a411c522541813ff2
SHA512

b5ed42e2477bbd359b723c616f56df9deee775126ba9d95025a37da2a3d885a5bd0b19a09406d0f1f447004a474515af025dc63b8717a0e1896a46fa4a885b88
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOz:/7ZQpApUsKiXBvzwvzXJvlwJvl5

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4676) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\BlockRestart.TS.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sr.pak.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoBeta.png.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\msipc.dll.mui.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\classlist.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp	b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b831a4c4016f84c774a0bd0764dc7220_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
131KB

MD5
d02f17cf0fe682190ab16307b40311a2

SHA1
c3ed00768a5a80c5b0e06d08a57be30fa35dab11

SHA256
a250bbfd500fbdf81f71b666df63042753cdc1428a17e0d96b95e53275e90b02

SHA512
e8bd7158dc43dc4df76a406682727708135a9a350808010470acb3ba6628659bb5ab9d942e71518307c34c7f544c1d84e8a36861091505496928bc6c56110e97

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
230KB

MD5
3862fe6664292a1756c6d72bc7b9bfdc

SHA1
3a98d9cb73ed84374f746e1b32992cd8c54fd25c

SHA256
8ce46e7a27ead2589ee6ad9559f31562a8b99d78446dffb39c932cf8be5b1809

SHA512
d040b29444ca76abb5e4c4cef84053c73589839433cfd83672225c78989423c4dfa3185212f207cb233d9ba4999c2231137e15699e4705a5b718360e4ed68b8c

Download Submit
memory/436-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads