139a207c8c89645b9e28326a29c333af3d488aada3ac682a37a72ce392923434

Analysis

max time kernel
149s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
Size

107KB
MD5

628a29e9a7ee5ff1278c197e993b4970
SHA1

b4bcdb2404409b8a8d6013336815e660cbb394fd
SHA256

139a207c8c89645b9e28326a29c333af3d488aada3ac682a37a72ce392923434
SHA512

8fa519d2e88811b1ae604acd495ad598884584493b4b36a516815435bdf7b304614e93667ba33d966e40dfb32d025f7e2740d4bf9bf0d435cfed7f6fa213dbaa
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lpHiJOP25LqrH5HiJOp:W7ZQpApjIWe+eoO6O2lpiMZiMDjwWV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4845) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationUI.resources.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OCSCLIENTWIN32.DLL.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Design.resources.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Controls.Ribbon.resources.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.EventBasedAsync.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jce.jar.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Invite or Link.one.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp	628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\628a29e9a7ee5ff1278c197e993b4970_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
108KB

MD5
90926c3ebe615128f0c8223d77bf5deb

SHA1
0eca4fd0c2bb5fa61aa70a2ab9c67b7b053e3e7c

SHA256
378f0ca27973bc1827207a4556587f72c9f20b92349d986ed0dcf1a79a3cb524

SHA512
fb03d941e7b4ebdc5b11b08df7676b2d4aed6c4afc52b931d06573363180ebb152402ca3f98c2e80ed332af4410931dff60cf7ab853d488240bde9f1bd0b8028

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
206KB

MD5
613e54f8a50d89fa5ad8a88421a41a13

SHA1
cffe4abcdb0f1b997755f35639cef93cbfc73fea

SHA256
0b6ad433fa7fb87e4bb660502e26c77b0aad18b7924567c0d87e3328dc9eb79d

SHA512
2541a3ad53f704e164cc7193549572744d7c5a1601980542d0001e19236976eecdccaca09bbf28b8b92933111df0a532542c280fb7b68593bf6b6d38c171c0d3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads