7841b730fd1ae559fde213de46617c5ba04c625a45b75a0fbab1819bff6704b6

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
Size

92KB
MD5

3c2979619973748bad3566315e730b90
SHA1

ab09f7a5b5e63479a61edd7ea16c6bec759bdb22
SHA256

7841b730fd1ae559fde213de46617c5ba04c625a45b75a0fbab1819bff6704b6
SHA512

bbdce6fce492fa9af7ab888057a98ed05acf77e8a2a7e3ece28e7765417132d96c9969decdff7d8ac6685d92a6efb4bc6795a743f94cb3e061734e6c52fa8535
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNh/1:6rWpcOPxPke+e3fFpsJOfFpsJbgEp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4820) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationProvider.resources.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\resource.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ul-oob.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH.HXS.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClientSideProviders.resources.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ul-oob.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONWordAddin.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\ReachFramework.resources.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-oob.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Console.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp	3c2979619973748bad3566315e730b90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3c2979619973748bad3566315e730b90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c2979619973748bad3566315e730b90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
92KB

MD5
772b46c50b4be468c0c4d6866129f3f1

SHA1
7cc8b8dd7b4bcc7643dcf246c217d529d13fc897

SHA256
f8cb92ed519f6f04c0a582be020edce1e47a72e0edd820b3e704623a4d2d8d9e

SHA512
450afeac001351e773d89b3bd81353ac3879c6fd2f48ddfe25645a9283b10fba319d48ed62704eff1644b7295ad85b97abcd14e1e0f3c6f86f59635aca7d66d2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
191KB

MD5
576d001e8aef7b5a556230bae86f9d44

SHA1
f7bb56d0e0c9eef4588ca085c3ff6b674f230f2c

SHA256
506ee1443c65c443ab2f34c1143a3daa065bbdaa8202eb052be9e9cee405bb30

SHA512
d8415a268fd6eca01cd917e9af5bc7eea7e8cc0a42a136c2a1adff31eb54ede4a4ebfe139564dcb1cd4c036c3cd27962b7dee96541a59f05f8e4a09ac377ec09

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads