ff9ab5d76fa896063ee3235aad6c35bd930ddfbb7e1d19ec79958565c71962ca

Analysis

max time kernel
149s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
Size

78KB
MD5

bca025d3777d528f39c6b8f8999f3da0
SHA1

d0da64ce30f5f917c36dfa570e7b4c1ec711b001
SHA256

ff9ab5d76fa896063ee3235aad6c35bd930ddfbb7e1d19ec79958565c71962ca
SHA512

face2b009b0e7a2a4a0ae18c0c5a9dd3bb7ffcdfbad3703da9e83f7994d32d8896cae24218e8513a3632535d7a9cbd80315fca5200f83635396d7aa144213532
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76uSv0hcM0hc1:6e7WpP9oVLQthbYY9oVLQthbUvX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClientSideProviders.resources.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Xaml.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\EssentialLetter.dotx.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointTeamSite.ico.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\README.txt.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNBI.TTF.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ul-oob.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\libeay32.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxl.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\CompareDisconnect.ADT.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightRegular.ttf.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.ONENOTE.16.1033.hxn.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\msipc.dll.mui.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Parallel.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ppd.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bca025d3777d528f39c6b8f8999f3da0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
78KB

MD5
90c5d40f7beb95a390308ea22d7e1442

SHA1
613178aa9664d8ea6b2a41846dd50d256fbe045d

SHA256
da530266a3eaf696f64c2ba6602c334ad62fa421d566b8da49e5e1a8254731be

SHA512
3185e4112b33c2b7b69842982bb2540ba613c431bfe4f84be9295235ab73028d33cc240ee9742aadf177c06bf49fd99dd34940867892bd0b5daa2a873d0209d2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
177KB

MD5
77b9cc6e4105705c9c3663860166d232

SHA1
305fac0ffbfe9794e5c8cc1ac8ddba2327fee458

SHA256
4846232c39c40c3f2208ba62223bd6ac3876fbf1e0b96b3caf7dd8ddff8012fc

SHA512
78309c2d7b071fa8bcbe59360fbff9703af5aa0465a55c5e40ecef6746b1b47d75adecebcfc6be5778b741da1b1c706c8eed6eed1a3fdaac97fe9c8bf81b2dd3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads