f7f0fc3359f5c16c574886d916f8c31e2cd8d4586bd13d2d05da4913ef0e3cf2

Analysis

max time kernel
150s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
Size

96KB
MD5

1289dc23de17bebe43e62b7c25108eb0
SHA1

ddc84ef481d1bee9b533a944c4ebd861fe044844
SHA256

f7f0fc3359f5c16c574886d916f8c31e2cd8d4586bd13d2d05da4913ef0e3cf2
SHA512

156f987de2cde6c968fbcf14bd5166baf337cfdb2161ab349749fcba72211a34bf75e84f920c7ba252499103d3ade5c860367317aee6b332f361a9a94a3f12c8
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNeAS:6rWpcOPxPke+e3fFpsJOfFpsJbgEU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4849) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\flavormap.properties.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationProvider.resources.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fil.pak.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL117.XML.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogo.png.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1289dc23de17bebe43e62b7c25108eb0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
96KB

MD5
b3b51393af290d4d6a869aae73fbb55b

SHA1
ede464a1d915d839d0d7eab7ec71a0b6aec259f5

SHA256
e1e634cf7fbcdcd8ca2f64e692cc38690df424bbdecc96a6444b7f105c4cdcff

SHA512
0b0787cfa19508a9b7ce5eabcd7552e7f56429be6d60028e3ee40a759bbb4128552d9f53eb8086d0480ca46e3afcbbf54dd991be49756dfabd066970943ea6ec

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
89bf144b27dfb1aa1bc459aefb6b2ae3

SHA1
9b64f1ba193e8cb8d622239045869691f990af65

SHA256
511531c4985de984005ad7c0f84f378fadfc56e526536326c32cca2b74d06a12

SHA512
d9975cb42f39bd57fec556457390e425047ab83977fc66a2ac26e0501844624780fc19a5616764ba5cf20abcd4d5c5be5e4fff8f49dacd867519fce2bb2e19d6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads