01b73deac1d759fcb0b7006d9724228029efa153838466d407bdd002371b54b4

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
Size

73KB
MD5

a962aed17025aaf6dadb6cd192030970
SHA1

3fc3d7c71c4ff34d0d285fe81579ba0fc5213bcd
SHA256

01b73deac1d759fcb0b7006d9724228029efa153838466d407bdd002371b54b4
SHA512

274aaebcbb6ca87999677edf586810ce7b60775ed0efcc91e2306c06afa3f6bbcdcbf053b28a0750b27b1ca96d6ff3314e0262910cfdc8f4567ea3212d193cf0
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m69Q:6e7WpP9oVLQthbYY9oVLQthbUrt7t5mV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5249) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Input.Manipulations.resources.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSUIGHUB.TTF.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-pl.xrm-ms.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\MSIPCEvents.man.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ro.pak.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LEELAWDB.TTF.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYH.TTC.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nb.pak.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-phn.xrm-ms.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_ES.LEX.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BKANT.TTF.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\FREESCPT.TTF.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Formatters.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark.png.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-pl.xrm-ms.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a962aed17025aaf6dadb6cd192030970_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
74KB

MD5
55eb812d0f79c31ec2592b47949cccea

SHA1
5a9a528b22423a56106deb95ef8a09730663d505

SHA256
096c14756468a7221b17b7936f0c51577c1f0eebd1ee71b4b30d96edb5c58c4c

SHA512
1e33f4ac7b197b051671e31183cb69b4a101edd8b689971f50825baf0014b291a805d7c07eb90f96977e4957e0d78b98cbf97a4a336690cdca9d53e8fac219c7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
172KB

MD5
475fdc9ac745dd9c7bc99f11be7600a6

SHA1
15e76c70d6ba8d88252049012d1f3eb6da863e22

SHA256
61fa549931bff55ddb6f866a71126d58133070e409e4b54e819ff25466889cd5

SHA512
baef30cd4154b9b8deed1b91ddaf60cd56ed2d3ecdf31b0b2d07c469e5cdc76051d1780a8396ad518abead16f96ebb699ba1bcc022b60147c511627952514c64

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads