86fb4d6668278ff6dce0dbd2b1a6cb77374405575364dbe3c100ec2daf240537

Analysis

max time kernel
150s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 13:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
Size

81KB
MD5

c97596287f3080641a4dad7a93e03030
SHA1

48222fccba6d78d527fc461fa3c2eee010c8d4b7
SHA256

86fb4d6668278ff6dce0dbd2b1a6cb77374405575364dbe3c100ec2daf240537
SHA512

8a90af98066763b00d0270ba2e94d6bff8ebd601b3650c21586736b18742cbf95251a86a5e513da0a5b0f7dab30f52625ec461f069784b19cda91a48b3a62f00
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/ejJZJ4:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0z4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4736) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Expressions.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-pl.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Requests.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsBase.resources.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Uri.dll.tmp	c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c97596287f3080641a4dad7a93e03030_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
81KB

MD5
495c0e91a42f20b9ee1ce467e81e0a99

SHA1
2447a465805b6a48c1f1622bc4d1bcd498846f3a

SHA256
c2062311c6869a158de36348aa2c5dcadb7c073f13b0eaf565d15f0e058f17e6

SHA512
24714e3450d1db508a38bec1528471ba42ee26f2925cee87fcb3dcd33907cdf8f54b43506ab22b3aa46de99563ee7be51aafd79f5ef85eca780695890dba670b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
a1792a4b37dda35bb08d300959f595af

SHA1
4856204306e9276c9f7953b4039230b929c7445d

SHA256
4e741d64ef5f995693e4f613c45737fbe89effa06cb4bf754650a3e32c8ccef6

SHA512
1ee0fdd4723438aa279dd001675b054cc25500a998116a257d73b407bfbe009e2d9e869950e2d9a6a9fd61f9d670ec2d613ec91ef9ef95bd56972b66ac4e621d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads