ed23b4812ade982c17f224c64383e4adf66057ce2b226ed4e96ace28f4858ab0

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
Size

60KB
MD5

82bc4004b5ce630b954eadc83be26200
SHA1

d3a6e0b7bca38bf7f800fc43ebe9566d6bb10cd8
SHA256

ed23b4812ade982c17f224c64383e4adf66057ce2b226ed4e96ace28f4858ab0
SHA512

1bad4ada023eddb62273bee1949564fa391b23815834b6112c470e999f8723ff3dd27636818f1fd1d277986ac14be01fb7911da985255d4920b12514cec296a4
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmhd:W7ZDpApYbWjIoPyPoLzV7c6Shd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4887) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-conio-l1-1-0.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000C.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.powerpointmui.msi.16.en-us.xml.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\AUTHOR.XSL.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.resources.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\82bc4004b5ce630b954eadc83be26200_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
61KB

MD5
bd34ebe3883260ad48d86fa42a700848

SHA1
143371edffc7b71fba9805822f09dca62f7feb0d

SHA256
974064ec9fc3af87248a48de6c2f89ae6704bfebaba40913a5b28d872dd397e7

SHA512
8cec3241cee06128dd4759c8176465698d8b5ce46049c8f78cb55b480aa82e4ce1e8fb69f1ccdf0fb562423efc74ad1b33b6661c1c2bb026495a3d735a1e438d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
160KB

MD5
760f499e68c7914d0e174c4bf4005662

SHA1
0c2cc2242db07ba31a5d29cc3a4a88fd910b0c2f

SHA256
1ea29769b3bbe912166aa9fe1f73b4c0d242147b7db683c140836828da710238

SHA512
d80fb57f77eaba2f64e445ee419d59176e9d4060483186508dbbaea9ac303eb360adb041b6c56ac2add9ded385fc25bc85fa38b0d041208094510eadbe994c83

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads