e07212a3697c35b673cb7b1d2a4cc3ae9c402ff50bfb7812de73eb6c632a31c8

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
Size

93KB
MD5

2923501b96d3c9f4375f99c22ba6f530
SHA1

2b6d287a341731b1e68db38e8d5b724efb7de503
SHA256

e07212a3697c35b673cb7b1d2a4cc3ae9c402ff50bfb7812de73eb6c632a31c8
SHA512

0e2590b97d1c0c2669a6b3f5eaf6d5c36bbaddcdfcfdf03a1dd8d009f1b50efdd8a17a325060c80e096ec5fcac9910cc981a0a00b0a7ce294e0a394410240f75
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNLxw:6rWpcOPxPke+e3fFpsJOfFpsJbgE8

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5013) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\he.pak.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_F_COL.HXK.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ul-oob.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_K_COL.HXK.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.Client.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre8\lib\deployment.config.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAME.DLL.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-pl.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2923501b96d3c9f4375f99c22ba6f530_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4376,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:8
1⤵
PID:4012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
93KB

MD5
5cc24c1e5fe96bc2a72265c42d7d0603

SHA1
9a8ab88bd62b957a86516de2bc04a8922dce2d12

SHA256
2884da04214379eb8c2b22b60d96138be4029369c50b5eb3ef806f7b293c02e0

SHA512
15dd6ef2f92a1585be807d4fce68c8967286c94deac872d30e499ff9307e13b150b4f117b5894cdb8211f968829b6918189377359895e73e4617bc6595cd857a

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
205KB

MD5
e65531eb66005d4c352decb769c0e4b8

SHA1
11e828c09839e4d7e7e81fdbaff6ddb2cbb39a1d

SHA256
48de384eabecb320738ee2a8328bbd18b54ab61d2a0b6a1b43ec5924337b835d

SHA512
17b192304926b13af5ab09ad344ceee1a3ac229d8f75fd5dc4e99ede898a4903691bb1a86ce02dee53681f698a74e97c5940950313d97874b87f2109a1e411ab

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads