74103f6caf0327592f28ab85acc5f4ad011ba0eef22d27f1358cb2bc982325c0

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 03:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
Size

56KB
MD5

8b4102d271345be669bceca90049b150
SHA1

f508b6915ad673b27406e953b6e5143e766d7e2f
SHA256

74103f6caf0327592f28ab85acc5f4ad011ba0eef22d27f1358cb2bc982325c0
SHA512

30f34ff94020b717eb47b626570fb4e21b47ec27090182d3405c85936f0bc5348b93a0c3e516ca9e136d9438cc1d2dd9167bbab6bf6d3ecf3f2edd69a3a9bee8
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaJjYJIJDYJIJJZwNq4D:W7ZDpApYbWjy0e+eaNn

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5209) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ITCKRIST.TTF.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ul-oob.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-pl.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsFormsIntegration.resources.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\index.win32.bundle.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp	8b4102d271345be669bceca90049b150_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8b4102d271345be669bceca90049b150_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8b4102d271345be669bceca90049b150_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4020,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:8
1⤵
PID:3176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
56KB

MD5
7c1681e39d06d037fc3d26dc2244f0d9

SHA1
fadde17f17d4e997406bd15b9f2aca02a658b548

SHA256
57e0232284b80966d120c8b525777ba51a220c643243c0ec93f4a39fbec6cdeb

SHA512
192190b993246f56e251aada53fc403931a7b8e0037ee49f43be8b2647f2542c05c562dae4d209bc71c7fd8030ed2447c11a73f16b6e678c21581ecf1ad96fc6

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
168KB

MD5
6fa301582e3510a0340ae732beb0755b

SHA1
f47555d0ad3a8fda66af0869a076a01c327dbb7c

SHA256
4bd08179dfaad5c59eae6cb6438792c00df1ba69d7fdc958de0c80d349c5e1eb

SHA512
7f48d3393bf73741b5b33d261ab34c532eabc3bd265b6904c00eef890052f76e4d821e5f32ca276162e1a4bd392ca5cac43c40ffb4b0ba598406ea91b09f6094

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads