1aa3cf2824254552987b143c7e496757376ed7bba09ac1bc15aa8b2b0aa4637c

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 12:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
Size

76KB
MD5

7cf4804cc1544a94ce94708adbdc6940
SHA1

f9cb379146d9cece1b8ee8e3e286eaf88747ecda
SHA256

1aa3cf2824254552987b143c7e496757376ed7bba09ac1bc15aa8b2b0aa4637c
SHA512

9883fccac0cbcac03c530fca40b2d1c7905f73c28af766a0fed4fa9af5a6d6987817ca5dafd21491738e3bb8c2a8e1d0762b7f7fd3c6b541bbe4b3a0fc8a743a
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22v29HWvHWY7GG7Gl/B:GBt7Br5xjL9AgA71FbhvoBlJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4857) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.TypeExtensions.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL093.XML.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ppd.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\DSMESSAGES.XML.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.DLL.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsBase.resources.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\CloseEdit.tif.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML.tmp	7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7cf4804cc1544a94ce94708adbdc6940_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
77KB

MD5
d23655b5f6fa62b11345c9d059cfdfb6

SHA1
098b7f395db949bac641e1da62747527b368ac0f

SHA256
0a242fd17f8f5a7fcafbbaa096f749233cd345ed701d4041b47e07b934ad6ebb

SHA512
d5bd01cd9bf0b4c4a1f0c67ba2a29ef2e7c8954c89a59ed20a0439fc24069aa8d7b729405ec11fe55257edfeb5d363259e899b8705d7a27955d0ef3a6577b9fd

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
175KB

MD5
e694bdab74e8db9ef9ee9714cd46bec7

SHA1
ce54136ed95b0a74af959c5ab691b01ab7555470

SHA256
a419b469a18eccafc5935f0b90e97a79ac006257e7113acd7f31abfa2e050c3a

SHA512
cefa1bca6c2c3bf3d5e428f73e5ed2fb3f29c093fdc2d2417beeff46ca330b3e0d97515726bf7857e16e30a858e7131cf03d25a32ebcba71a1e89bbf564bf17c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads