5398d553e38812a9467157a6327d848d2bee1fe70d4107bd3dd7640911540a8e

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
Size

91KB
MD5

1bf78f90c23c161486e5004133e52980
SHA1

53cca9347ea6feb2e5ffa2b252dd709ef085d008
SHA256

5398d553e38812a9467157a6327d848d2bee1fe70d4107bd3dd7640911540a8e
SHA512

c64e06e72089ff8fd7f7b14282958287b9f756a98d14cd791ef50556c9ae5f8197eada36787081001b8c9de55dd90d80644121a6dcd6e968ce827bf2527e8765
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/T:6e7WpMaxeb0CYJ97lEYNR73e+eKZT

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4851) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONRES.DLL.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.IO.Packaging.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationCore.resources.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-pl.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Primitives.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.tmp	1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1bf78f90c23c161486e5004133e52980_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
91KB

MD5
6d55654b8ea37f90f2e91ff8ed0c170c

SHA1
e946b6bb20a3819e225d607a7aadab0de9b534c5

SHA256
d9d75d2de8dbc2f9f28ef787696145dd4d454ed84f68ba1048f85ce54342686c

SHA512
e740695b5b73b4250075d0d47e3b871f2681b8afb7e8200c8cbbbb3c017fa43472d24acec6542636105bd99a5689305422b875908d90ab1ce3fb4407c503dc51

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
190KB

MD5
97f4c433c553f58f15aa419f53cbd06b

SHA1
feb3fbd3d8fb9e6faaf9a1516f544e64e66bcb3f

SHA256
1d0d9504de8130e28a053927d1561ac6d59245108438e2c8b8cefe16a6bcfc51

SHA512
ba8a9c1e0f6a33fc6beeec7a04220db892e155244b0ea6b53d555bfa5ae8d8df043daca8304483cf0a23ca005a0c2ddb40e33e4aa7a09050a81892b326940945

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads