14082f871cec69447332fecbf6f510ab82c50cdfaae71501eb8e4d8a0f4cdd32

Analysis

max time kernel
150s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
Size

72KB
MD5

0e450871e925a5502efdf854ff082360
SHA1

3eb7f736134c11fbb8f6a375abd8966906c46a08
SHA256

14082f871cec69447332fecbf6f510ab82c50cdfaae71501eb8e4d8a0f4cdd32
SHA512

f08c916c647c14037d1c4fa7ace5bed75937e53ffec56f3835dd9b876c69ae35b83b047e264491d34d0512b2fece3c725a56fed3f9782baacbb272db59742649
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2FjJk9O7X7vX9O7X7v4:W7ZDpApYbWjCDOcJf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5201) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationUI.resources.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-140.png.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicudt58_64.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSPECTRE.DLL.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN044.XML.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-phn.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARAIT.TTF.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Dynamic.Runtime.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri Light-Constantia.xml.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\ReachFramework.resources.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Organic.thmx.tmp	0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e450871e925a5502efdf854ff082360_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3640,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
1⤵
PID:3832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
72KB

MD5
17dc768bc4215846ca66c7785ccdf01c

SHA1
3277a8c1a066c6a10ea2db63f401bb1f6a2c3cf1

SHA256
605857148fe72453daf353223038faa78eba9a45dcba52ae79f6035dc6ac1df3

SHA512
9cffa0e843db777c199675039efa59455a65160745f2658042ab20f9d3167f9ce8abb5f83e6f9e6ebfd35ccea2dcaffcaebadd57ab72d2b3466fb77ae43428b4

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
184KB

MD5
490a6f7616690b79b512e2d60666ac1f

SHA1
709788f7590ec1d15e981944c36d383d291833a2

SHA256
097d6844435963dc98d10907fc8e04ec8304a46def7f24f622271b55115f7015

SHA512
bb6cae6956bf214ba9422af7e086ab19d5e8b0f2afdf4e3df6f399a9e24d03c73dd843c300ce1eb30e2fe7b1c69407dd02db9061b64aa5bdc9d0e2e2feaebfa6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads