e3c5e204610a5c7df19ba00a7cd56102d124b99ef77686fb4418f2d38b8665a7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
Size

100KB
MD5

172daef9c610cf66a0a9c47329c51d30
SHA1

84ef4b4a6e8510f571d96fe2f23e78798eabae02
SHA256

e3c5e204610a5c7df19ba00a7cd56102d124b99ef77686fb4418f2d38b8665a7
SHA512

c61a9d55d564077243064655382a4cb27347cd74c29a997bb1615825f99eec5888c7c055dc2d059020460b5b89e6121e8f898864f629afa8e3248ba0a9551502
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN5Blpw:6rWpcOPxPke+e3fFpsJOfFpsJbgEy

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4825) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es-419.pak.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\ConvertToApprove.AAC.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-heap-l1-1-0.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-CN\msipc.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Calendars.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\PUSH.WAV.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-pl.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationUI.resources.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\172daef9c610cf66a0a9c47329c51d30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
100KB

MD5
5cdd6aff1cc92b0fab03b563ac38c450

SHA1
a9d7f1332e117cdb8b87727acf7524a3b13a797c

SHA256
2b77c897fddb933d32f0e72b699a3e80dfbd1cd6654e962208674b95d08a40c1

SHA512
a22c581da560333edc4aca54baa973e16578a07c8f310741cf04d61f9437aaed3e2efcbb6652988b05a740e1eab00ad2ca5bdc9310455302a5c424f6bdc46817

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
199KB

MD5
47761a325378a368d50d6bf6b95ac06b

SHA1
5407aead2ca5cbdb4cffd93cc488dffb6a98f06d

SHA256
abaf4be504cc7587e65b87bf5845bf8618b07a0475cd4bd45c111c5a21a80651

SHA512
cdb10b14d0e673e4f268e054d559b794e94d09f3646bb4c8084a2815d090e3477db46975474a34ad1a00acaae6656ba2e08ebbb1664294fdaf2be6b4c756222b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads