972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a

Analysis

max time kernel
150s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 09:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
Size

42KB
MD5

5efe0ed2f420fd7e9cbf4803c66839d0
SHA1

3a312b28d1a0eb56f7f95ee0959965bc7713e2ce
SHA256

972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a
SHA512

669338f114b488c0401f97b594814f6655e072de5f1d239a345ece1b14d51ee4931ed9af7a966979203f57a67ebc1dc8e6bd7b8353608de6b20f23e2adfef4c3
SSDEEP

768:W7BlpppARFbhbt7Y7FoICOiJfoICOiJgK:W7ZppApWmA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5321) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.Unsafe.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.boot.tree.dat.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordbi.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LHANDW.TTF.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationCore.resources.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XML.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\972fafa2d59139fa90f47727dcd71e54c75442f87ca7dcd3ca20c969d239be7a_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
43KB

MD5
6ce0b8a0182b0c59968b1cea8c5cfc6c

SHA1
22e48ea0fd65ec71d99c23bc8b2763dacab6b274

SHA256
5eb36bdc722de7e67e7445015717dc875ca42e77000dce980c7b49792caa28b2

SHA512
41e8cdbc9b68464b80ece6ba1896255487e217dde4e6de3fa09490ef2549db11197b933c4a3585e61794b899aa0e9eaf8911a1c960b2378d6663c3c1fec51caa

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
141KB

MD5
5dea2a10181c14a5e237d5472ff76cd1

SHA1
dc2d853531ad78b3e3a9ab9b80ced2c4e6067973

SHA256
45b03ab833d27f935f8b90df61d15f847903d1445decc5053e398ffa23f32659

SHA512
cc5653844b7d9ca766dfdb617b4b7ded4a765a44122a23066c52976f1e6cdc4c23cdec41e1f7c816aeccbc1eeed397138a8e19a2dc509076bb6ecf15626f1fb1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads