8627d0d5c6bd9ec09ab8abb668075d1a7acc1c45b6cdaaf4c97dac402b5c3be2

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 11:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
Size

41KB
MD5

8aa5d805e932f915f1bd26eee56e1740
SHA1

5771f2dc5d60d39cc6736905d78260d282312cb3
SHA256

8627d0d5c6bd9ec09ab8abb668075d1a7acc1c45b6cdaaf4c97dac402b5c3be2
SHA512

387f0f68d7368022cd292f1fdea0c497d386160d293e4ad8c5942850697ee167be70cd94faac70edd7fec8f3b0ea0e3359b96c4520fcc5291a6f2bce8ad7cdcf
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFrpSp7:W7BlpNLpARFbhblkYlkuvIYFrpSp7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5113) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BHOINTL.DLL.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Xaml.resources.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ppd.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.boot.tree.dat.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ppd.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\ReachFramework.resources.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoBeta.png.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCINTL.DLL.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Input.Manipulations.resources.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader_icd.json.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8aa5d805e932f915f1bd26eee56e1740_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
42KB

MD5
76e4e838161d249a7742cff9de0e62a1

SHA1
77185dbfb8c85b4bb71c49e183770fb7dc4302a7

SHA256
de9246aed9a068259bb2676fabc325df7ab0f8f9f8ae60d2aaa00f839957d9b1

SHA512
f4a75ecc0ab4d6815e863b87a79ca6bf206c5e8d82d2de2b75f3fb5e2acc1d150b8a2bd42a1d6266469c92a9f59b930fe7837b4a84de26287f4b1c4e745484ee

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
140KB

MD5
0309ffd0d08fae8fa58aa743fbf0c394

SHA1
63e9978d04ef0ce701add6441f6c50958b788526

SHA256
513f3eb18577d115f94054d32b2ce44e5c5f6b1362f7f64eead8cf919325916a

SHA512
a637b4eeff217ce3da2f2f60e785f31d5565e96a0028f2dfea464646ce004859c40968482d2925b25046e6da2c0f320cd0cd9446f8f0467039e137f9d235a1db

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads