ef4af34ab9ea859079d1d71b50e5d9c410064deb37110ee716c9e3c336d319e2

Analysis

max time kernel
150s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
Size

109KB
MD5

a547abb71fe18a94ff861c7e7ba445c0
SHA1

33df815d71664a16231ce65cd4c3d5603a2d085a
SHA256

ef4af34ab9ea859079d1d71b50e5d9c410064deb37110ee716c9e3c336d319e2
SHA512

aedaf376838c5eccf97e848fdf41832f08b5b1063f17a9f174b04baa672da075c80e33a239cd0357d59c962f64337772237d30fdb526837395a4c15bccb6e5c5
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5KcMcoYJIJDYJIJ1wz1JNFHH1JNFHX6T:W7ZQpApjIKTie+e3wBJ/HVJ/HX6T

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4873) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Serialization.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\hprof.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationUI.resources.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_100_percent.pak.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ul-oob.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ppd.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WORD_WHATSNEW.XML.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoutilstat.etw.man.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013.dotx.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a547abb71fe18a94ff861c7e7ba445c0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
110KB

MD5
1a718e61d0ae9ef7e814a82e687940ea

SHA1
9db06a77241186a27f148ab63e1af92aa02a35b9

SHA256
c37aa7f55c849c42af155565296f596068420dab28ceaea13d79416bed2dc281

SHA512
baab26e4649fd2f58f7348db4c97dfa7e0b752de30a8a48caddb75519a9de9961cc18ee4c41f2c6c414b0ecd0539506e714043ff417c0dd62313a10a405a8bbf

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
208KB

MD5
467cb17dc90094d0b28946c9cc24454a

SHA1
ab60f16e4e26f641362984b112c5eb8a7dad4929

SHA256
b5540795f41f6cf47f746b35e5cea73ee96f433aa4cf919782743efe61dbc21d

SHA512
049618d4a029524e422124330364051d860d3a3079cda4e113cf79f32ea9643083748d2e69287a79dd3209ec5b5540da887dacda0e002e7973104680b5ee1dc0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads