29296f92f81503296ad5baee8261aa7d10843d9761ba0ca10bc998a7da819ede

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 06:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
Size

74KB
MD5

92708809e7d4c1a06deee275e9550b30
SHA1

09e65988a07cfe7a662d60b91231167d8339f1ce
SHA256

29296f92f81503296ad5baee8261aa7d10843d9761ba0ca10bc998a7da819ede
SHA512

969571e7c675d5650414597acb4f449ae3cd335aa01318b0d590b531386d7b84348b97eefda8cf37c5a98abf9fbafbd967a5b3b783881a0a115392579acd6a91
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t1QmJ0QmJt:6e7WpP9oVLQthbYY9oVLQthbUrt7t1Q7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5189) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-pl.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.DLL.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\COIN.WAV.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Resources.pri.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHIC.TTF.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Controls.Ribbon.resources.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\MSFT.png.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ru.pak.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\DSMESSAGES.XML.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ObjectModel.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\assets_picker-account-addPerson-48.png.tmp	92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\92708809e7d4c1a06deee275e9550b30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
74KB

MD5
606606b653273525846cc2075e8e51fa

SHA1
3ed4471bc220b0166db9971be5eb715ded1ceba5

SHA256
fe42de42d21cf362e6fa101073532e0912fbf2f53afd002a86443f4aa34e7d72

SHA512
a747fe5410c275e2744346e64f94726a0fdd4b050d9e3b9a35d3c1e7a47d723a12022a0bc013d3f4049f504638155da082dfe8e840a3035eaf06e8683b5eecb3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
173KB

MD5
5e1f9910e77a3718438f2323f91a5e46

SHA1
50973da0db0740536c94c4ea0b3027a18cc3f976

SHA256
e4a4f20427d93c33a90ad640ffa570783a3ad4006e0183a58d230a3fb3df3781

SHA512
eebf7501770454b5162b226ccdd78c52f8c4600e393d6d8feeeef107eeb151a8b7fa367eb496ad7fe83a0fafd7d2cc1da1182326ba7fe2c3f4dd3eb8cfd00b21

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads