030bdbfa4657d343476ae504203c6215a1055f59d55d434f9f8d973e01e7e044

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
Size

128KB
MD5

aaa5b212b043cccf31c973adb025e400
SHA1

ee24efd4b93651cc6945899874d5b0389a058242
SHA256

030bdbfa4657d343476ae504203c6215a1055f59d55d434f9f8d973e01e7e044
SHA512

182bdbd5c2f012cbc30c996fd411d241bef4c20fbb1309c512e860f2875adc97aeaaa20b2f481d7e50a6b4d928e050165b827bd23190513e8c063c76c0fa66ca
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c50KPKu:/7ZQpApUsKiX26KaX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4827) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationFramework.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Xaml.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfxswt.jar.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\te.pak.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Process.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-140.png.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ul-oob.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL081.XML.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Xaml.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vulkan-1.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHMAIN.DLL.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsFormsIntegration.resources.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-140.png.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul.xrm-ms.tmp	aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\aaa5b212b043cccf31c973adb025e400_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
128KB

MD5
38e7000cafedd1bca6f698ba4ad93cba

SHA1
47d5fad76395c2639cd74ce5a26df819b7eb8423

SHA256
8cedd6c745c36de7bfdfa5a02fc80dd501c35abb3b6644a4cd9b7553d4013a84

SHA512
0527028a9b9a52fa9dca5bbfa3fd39c1fee960c06f36e5875790a1e5aff8ad651a6b113cdc7c02e3247dbd68feb727f621b8670e2c6a97947cc403696cf74998

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
227KB

MD5
560a73127af14591eb21f9b8a639d1c1

SHA1
f722ffacfd1d5c46c57d0001cc37ee43a8d4af3d

SHA256
f9379f60be45dc03b61f72153d0f0e6b89b896d1d8cc1e91a7b0d00e2f02aacb

SHA512
c0e52e769ed9c0ba78b21621b86dc0d8f9a4ad09faeb2ec90779f6f43233351dc49302ef5cbb226fca236abbb58bb8d2decf264085cdcd811409e8ba1819dbc0

Download Submit
memory/2044-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2044-1738-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads