1302c0962ee3736438f152fdb906e982b00314799344e0e9d39cf228b9d7bedf

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
Size

68KB
MD5

9c0ecf472007736ab5b3c9e2fed1d790
SHA1

947797df69609049195c1622e8cf6e6459db4396
SHA256

1302c0962ee3736438f152fdb906e982b00314799344e0e9d39cf228b9d7bedf
SHA512

62222a9bee1d21f421a6a957367fe5ac9cfd83e856ac984ee9826176279a140b46ff64fa52eb7f69fed0dc41bf6a40a129927e2e44873e840b22993a424a89cf
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEha:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4872) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\th.pak.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\pack200.exe.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ppd.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\hostpolicy.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClient.resources.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIANEXT.DLL.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.Primitives.resources.dll.tmp	9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9c0ecf472007736ab5b3c9e2fed1d790_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
68KB

MD5
dfe6cbd2e94addf72c08ffb3989bcaa0

SHA1
e4cff411a0a632758687a91f4bf0000a5f217e29

SHA256
0ad030397a7f6eeba50ea2be103c4e8b8341736160815eb9d58e40ad018f900b

SHA512
e96bd5f403cdac47a4ae596f08cf46cdcb7966a90ec2600cf5b2da6457f9d5e3c9f14f4b56e6f34085f81befcbc09bec9bd3fd8f0bbb93226cbc35afaf4b4c2f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
167KB

MD5
2652b0c86f85601990e405d6feffce8b

SHA1
87df4651f05dfbb7134061d7c365e8b193b3c53d

SHA256
43767fcd5b5bf1be1f83fdccf24f222757fa21464d0338f6240191fa732558c5

SHA512
c72bfbfe4099e1a2aa61e1ab68af63ac5fca6d4b457dc2e59136ff3173e02ab24cf9a620d165542bf3c89e248bd7040682e1c0250045f90e6b503147f918cc1f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads