1510bcb2272a1516eecfcb8f1fc3536be2b778007ac7874778c5e0e628b71046

Analysis

max time kernel
150s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
Size

126KB
MD5

20556d78643dce5327caa71db4bd3440
SHA1

cbe0a2d4b006979c155eff6d3bd0a63b945396e2
SHA256

1510bcb2272a1516eecfcb8f1fc3536be2b778007ac7874778c5e0e628b71046
SHA512

e9579aaf22805e6719b0d1e605128a20f3342f70343942d2f1a7182533ff3c15d0ca5f50ea720a2126dc5eaaecde42f1a2bce24edcbd252a1a55cd7297087ffb
SSDEEP

3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEIixihyKoIWbsHfySkT5GeCyi348oWGRPOzkq:tFPxPke+eI4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4849) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC32.DLL.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-pl.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sl.pak.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUIFormulaBarModel.bin.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sv.pak.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\mojo_core.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp	20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\20556d78643dce5327caa71db4bd3440_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3764,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:8
1⤵
PID:5092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
127KB

MD5
a0251d0c8bf7febca48905ec1ef973ac

SHA1
352ea92c135a47af5cf53b02399b4c811f4f3cb3

SHA256
eb8c408cffa1329054a5d96db5c44cfae733a878a016bc94a371f8a3f6e99346

SHA512
742818b71ee1c76dcdcb90575df59d7b40c511a2ae8179a6b0d68d8bb07b0e723a19b8bd6c65f52abac6ea6853521ca725b20c1f0eed1a64a5d7ef385f9cb06e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
239KB

MD5
419eca7a6260a0d47330e6dd83d29443

SHA1
58fa4d9aff2cf38635c3f409b562d03dbe61f5fd

SHA256
8ccfb6752228ae5e41d6e965c3c0b6751c44385c6e08f3926a5e0e148a2dbc37

SHA512
a1c771b02feac60b5e9ac9e57e13396c65beb5e5aab31b37fcb17bdd94f3803845637c23d7efc71f1671065232685fa84323e6bafd17b76b1fa7609fb9877df8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads