42674a9f02953727a996cf05101d0353e137927996ea8ce7e2d1eae2eb76172e

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 09:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
Size

70KB
MD5

f238ef9dcb7ec0625232dd48f184a690
SHA1

8e93804328aa0e1a553c8855d6ffa7bd6f470615
SHA256

42674a9f02953727a996cf05101d0353e137927996ea8ce7e2d1eae2eb76172e
SHA512

dd3533db153208d8f095208960515077b8b3208442c0c776668727518e9805f1c4410388c623c08ed775ccccb53820ed67b2aaacac9fe018e8bc2e866caedeec
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVv/Ui:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4823) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ppd.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN120.XML.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\APASixthEditionOfficeOnline.xsl.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-timezone-l1-1-0.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationProvider.resources.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\YEAR.XSL.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\f238ef9dcb7ec0625232dd48f184a690_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
70KB

MD5
5c76c979f71e9daa42e63d7480be1e54

SHA1
a4f845e8d9fe71166e666412767ae6877d28d8bc

SHA256
bd0666cf2dbe1dd1b69e65faf45b09ec3805e1a7cf2147e7030445113198ca19

SHA512
61999cb34177c3f100dcede9cf31c27290425b5b3a56b508567f29c47e621f42ffd252caf43f3f96625d58283a32d8479f23ddcfc63508c69da5dfd1133c317c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
169KB

MD5
0e84b6de9c7744510bee79fd9f17d1c4

SHA1
4016a761db751dc4b9215b31397e8c52a4a191a4

SHA256
362d8a77febe8b6a9f8fdd1978be767b4db14c46b89dc8d223875c7d4135e27e

SHA512
848deddc8cfbe0644fb38a470abfc7a38dce879df27bcf361ceb3071af8779a5fdfab07ea292c05acb8db70177a461fefb6acfe731e993c9400aa6b3b941e97c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads