acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
Size

96KB
MD5

375fd6e2c9c1a89e402ff1548601edb0
SHA1

fccf538e3d8e754dad3c84b6e9aae9fd78a2209e
SHA256

acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60
SHA512

efcef26684c5bf9d1234b1220e71dd723b152ecceb5c89815716793b3f2a76d9c3a8b328606d708d2cae22ee8094b08a77c09aee2d9e0b8b6a486814f568126f
SSDEEP

3072:9QWpze+eO888888888888888888888888888888888888888888888888888888v:Lpe+ekeq19

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4733) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\eventlog_provider.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.AccessControl.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Extensions.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsFormsIntegration.resources.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\hijrah-config-umalqura.properties.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.RegularExpressions.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\INTLDATE.DLL.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationFramework.resources.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Design.resources.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClient.resources.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ppd.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Dataflow.dll.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\VVIEWRES.DLL.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\acb5085fcd03f6a3b9dcdba3a668de2071e177fe1ff85dfec004848d1d93ce60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

Filesize
97KB

MD5
4760ff9bd37a3313cb72dc11a817b37e

SHA1
2cce7354820eb5b178507d146b456f4743242e84

SHA256
0b72313508cc08ffa180d1a8e566cb77d8a0fe7b5a9952c833a0a4de8bebb9a4

SHA512
43e17f79b49a95281ff0a33593885f82ad49c1e410e7beae94929dc2d798e93a1dcc29374ebe5db82fdfc400be3b232ec1763a1d968ac537f03e5be738978d3f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
5acaf69e8942bd3e2fbeca60f7f5fc0e

SHA1
a966515bb5a420306fbd35c3b20bad5cd72ba302

SHA256
2a4d2add8f3d2481b86e83fc34b2e2f0b2e688f8c25ed313beff0c9f6cfbe24c

SHA512
759fb98fa0c2556e6cce34546b30dc711762323d96d86e88b2602473d859daf29a39b793d23900eed008d7a31853e790f97628f21dd440b0b6be97ba128960b1

Download Submit
memory/2904-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2904-1784-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads