dcfb11d8c6304c312ca7d16317ba622ea128efbdb213e5e80c49a514af1a4364

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
Size

74KB
MD5

1faf694b27a88adcd5ac9a8d0891ea30
SHA1

f5de9288ec4daf60b423307c2c5340d9c8234441
SHA256

dcfb11d8c6304c312ca7d16317ba622ea128efbdb213e5e80c49a514af1a4364
SHA512

9f867397f400a9e0952535c1605f3ce75819f7000eaa40c2175c2e7fafacbd9a3e2dd86ceb40033b699a848c6b5eea94767c4460a9002d61dfdf9746698b6f07
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGA3vHq5q4:69WpQEJACU4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5024) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationFramework.resources.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-oob.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8EN.LEX.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-pl.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-pl.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsBase.resources.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-ms.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp	1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1faf694b27a88adcd5ac9a8d0891ea30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
74KB

MD5
ea4a62cc8d271c165f3475d1039f7fbe

SHA1
eb9c4b5b4e7880cda3e59a8e7412718cb20532f1

SHA256
aca380e0266b740ee09eed956070480a00406224fc007db976fc74dce87fc32b

SHA512
ed98ab113f9b39502ffa3582c996a8591dbcda95be3632db37b57b577ffb11484951907340d5db1e01c1472eceb87cdde24e3a400fef1d467d2cdeee18a5d338

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
173KB

MD5
0343218523d2a0acf32d7f99ee049f9f

SHA1
499d4ea214c67cabd39f8c9b7a764b9d5659b66d

SHA256
9a1d3b356bcd50746f517d4b62d8b5d76d879951ae3faa578ac50712de43ef0a

SHA512
1117839a44c3d2fd6188de4c5d04874dbcb24b043c8ad56c0f653005521be809b75dec247739fcbbb070d011b3e4cb1c5083c19685f6d2da280eb075c62e5294

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads