54a303cf834f2d2747d57597bda7e3f70dd39b64448dfc85ae3fe38316e07e9d

Analysis

max time kernel
150s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 00:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
Size

90KB
MD5

942da42daa788773dffa7e079a4cf950
SHA1

f27aeaf2b8514c9406232757f4cc0d9595b83fdd
SHA256

54a303cf834f2d2747d57597bda7e3f70dd39b64448dfc85ae3fe38316e07e9d
SHA512

6784c84b13a619c8b5aafe1947309635b27869c89dc4d2a779725d58fe5067b275c96b36ed27f4bc3a678fc9bf89c3ede5be529b426f4bc652fec606c21b53d5
SSDEEP

1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOM2kJOMIsKsc696xZDKUXxXD:6e7WpXYvndvKUXxXD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5039) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-pl.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\BHOINTL.DLL.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\ConvertResolve.i64.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

Filesize
90KB

MD5
8ecc4d67d09701f814147ab9a8bb12a2

SHA1
dc5ace7fe58a416f2846c18aa56703f4574bc543

SHA256
f1a7ff8c6f9df7e97ef832cb9e173dac3bdac41dc852ecc877382358a14d4c69

SHA512
54370f52746fb5f0be3966e779899ef3e3c40ccb49beac71b53f27cd46d08f5b47c1db22007606f620ed0874a37845bf37f15d40ffb1a1c21cdbc7854c2edc3c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
189KB

MD5
f0d11aa9d05a20c324f2893b8ddb2925

SHA1
1ff850f63f1561355b11a1933add469e72c6967a

SHA256
79525e1a2055852d652643bf7d8c922d125325d3b5079dd7e3d661edc1fa33b8

SHA512
b1b2047ebfbf729d5654a541a4182246a741b551ab5639c8cc9a881b4c02664a01f0b4c43aa621b49a38a421ba2126e91be09e52de3430240b9ef873ef4235f2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads