af010595f26a7b59c04fab15b59901e15b61e1a690bdcd3c6f66d0b26e1162a2

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
Size

63KB
MD5

0e355fa2f48056932a8a8f8e559bc450
SHA1

67f8088fda4e87ac38e344e1319ca6f300eae81e
SHA256

af010595f26a7b59c04fab15b59901e15b61e1a690bdcd3c6f66d0b26e1162a2
SHA512

7bf0cc514fff2d4412783d1e0023729e5b14e00e876708b1926ceb05e9ac8f51efa85c032792f42d680190e4873b0b9926ff0558c2f65a671cc0d024f6c32535
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuX:W7ZDpApYbWjIlE77uX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4938) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Controls.Ribbon.resources.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART12.BDR.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.GrayF.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Inset.eftx.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-pl.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-pl.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-pl.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.cat.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-stdio-l1-1-0.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.DLL.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsFormsIntegration.resources.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp	0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e355fa2f48056932a8a8f8e559bc450_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
63KB

MD5
5194bbcb12e2e3ed86be44f1b067f5b3

SHA1
729035ea667e2aef25e14fa0e4ecf6cf62d8430c

SHA256
e197150a2cd983d3e5de5c753d6d2776556ad0092d85a43c1be7dc022e2d37e6

SHA512
99227d50312935de5ff14fd10b3c471b3e099f029f9c50bf8bbb8c9c044af0784a0b42dcd38c671955a30b6579b15d001953f67163ff3d181f0a4867ceaec013

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
162KB

MD5
152099820e2c57bea55ab93bbc5f00a0

SHA1
d3f43aa5dfc6f268f970e3914a024a70fb3e40aa

SHA256
ea4855aff4188d38353fb56fc66ca0664ca018dca00cbd389cc254b87757d623

SHA512
0ca51e76824c2f7248e61d6b667adcc730fafc7f473837525521fc0b89c6b9dd693559ea373ed1659834b4b2c1328356473431fc34091c90aff3a34c27ecbd7c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads