84f8044ea6e711434d08bc64c84c5bd1f62584331f292fb50ab89836bf5b2fcb

Analysis

max time kernel
150s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
Size

100KB
MD5

96e432b32e69329e6afa5b5919f85820
SHA1

395f3f6061d652d171c3bbbb08bb16f16294e3aa
SHA256

84f8044ea6e711434d08bc64c84c5bd1f62584331f292fb50ab89836bf5b2fcb
SHA512

3b7c75be6756c7208660920b06c41360c98631ebace4b9df3cd98cf9d5b68748433699ebb4e19bbc8c11a335edcb3fb8326de1f1527af147e26eeff09eeb8650
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/yJgJ1:6e7WpMaxeb0CYJ97lEYNR73e+eKZsC1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4840) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYML.TTF.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\powerpnt.exe.manifest.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-140.png.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Xaml.resources.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\96e432b32e69329e6afa5b5919f85820_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
101KB

MD5
4deb24a841326a97cc2c8bb1a2910017

SHA1
f0e0146b2d54b1ac398728f8c9ab6e6036cdcac7

SHA256
45dda0fbeae9334840dc55827e0cfbaf45ba6e9f71406a19a52cfd2ff471de40

SHA512
3f163e0ca57347eb9af0527e11becc41d31ecc89e89437221a110bdb5479fc44701da5a98222b57e57db3f9a7630f822a65be50c10afa5313275c99e31c32549

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
199KB

MD5
f994132fa0a630589303988438cb8478

SHA1
2d7ea7acf4d68931faf5731d2d76d07a392918a2

SHA256
d8542e5894491e7f883f1cffe9888a8f5b662ef4ef9f54c822f3fe4b1ebe7b60

SHA512
beaf27c8ea65ba2e6dd7a31d786684a495bd8f27134bbf15f60daca44b4ac6dddf4ad0a1a7e64e89e749839c08acad53e47bd069637222bc609b06ccc750352b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads