3a8760032cf73b3ff0e5738e3f85461349b8d71eebc0d961b51fb1674c2bd37d

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
Size

93KB
MD5

d9f201e341acbda67639d16e9976b880
SHA1

7c5f5cec8f4e36d3ca7a9f9064f79e740426cea2
SHA256

3a8760032cf73b3ff0e5738e3f85461349b8d71eebc0d961b51fb1674c2bd37d
SHA512

10a781778cc2f772cd8e20913c3c31c3789e9643022191bab67c322f195b4c7edf6750556bb771e25f6bba153373d2a950ce6a7f1b20615ffce3988056848d93
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKP76PDr:6rWpcOPxPke+e3fFpsJOfFpsJbgEODr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4814) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-ppd.xrm-ms.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Diagnostics.EventLog.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Encoding.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationProvider.resources.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Principal.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Controls.Ribbon.resources.dll.tmp	d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d9f201e341acbda67639d16e9976b880_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
93KB

MD5
b756fa6fe1d4cb4e4c996d1bc7cf14e4

SHA1
202c2278898072aa4bf9f24fff02648b22040f41

SHA256
4bfbe63aae71cf6690c3a149814441b466efa2f9e213752855cf365d0c13af7c

SHA512
750ce821431da59b7b625f67916ee35f04c2866c3bd2fb1606bfec47df68d3233f6c97d5cb905f62c4b875f00af7a88d417540908dc64b56035525b8ffad2339

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
192KB

MD5
49a1812a47bc74cd5a79dad0534ceb28

SHA1
7c44a15ea44b06835d4b2dea884ff9b55e0de3cb

SHA256
0f72a67318919ff92c4fb726580ad82a807620cee727be94b05d49354710e49f

SHA512
c716dfe94c1d6233d24e6eeee3255681b936e003aefa3d2ef7963b82ca070468ab0cda8abea7d931020f534fdc42e48b9fcdb4f7d8e9f820def6847aa87b5195

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads