f4a7b1713f51e111dad9cd97552850a861ae045c56dd46534f2e6732efee83ef

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
Size

380KB
MD5

8701deca40122e25505dfa91dad14640
SHA1

c14f935800e34d0be90f969921ab3c9cf31f3a49
SHA256

f4a7b1713f51e111dad9cd97552850a861ae045c56dd46534f2e6732efee83ef
SHA512

19af96469e8b0cb1ad734925f81cba1deb7b481ccd10b56b4d69eee8ab33c2d8709815db2889cf09309da4aa8868de50a571abc5689cc114d897c2862733f293
SSDEEP

6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtFVHPyvewDpgsKhK:3PxPir9RyiIuGcKbpaSL4vtFVHPyvewD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4347) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\manifest.json.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ppd.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClient.resources.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_pt_BR.properties.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CLVWINTL.DLL.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ul-oob.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\DisableMove.png.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hu.pak.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\CHICAGO.XSL.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ReachFramework.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\zh-TW.pak.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp	8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8701deca40122e25505dfa91dad14640_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4292,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:8
1⤵
PID:3176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
380KB

MD5
4ae2bc1c90aec0a23b6da38981abeb8c

SHA1
8730aa3656b2a42a9b288180bb6b1b861d77eb0c

SHA256
56bbcea41a3061d956b2c71fe61460a675c91bfa0e549526e9a57c7d74cc0b25

SHA512
df25a89282fbe35aae7b193f6a3a6f96417df3c476b8724d15dda5748302b8ca4e1082ef6d11a6520e9512090cf789973655f89cc578084598b6b2bc22059a68

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
492KB

MD5
ebabcb4c5109ccd988d98e58711c4595

SHA1
5050661844f1813f4d855e9925acf1a7a0ab7242

SHA256
7ab64891d82aee979a5c2ef7ffb99b9f707a817a1b19a4677891a90b76c562ee

SHA512
2abc4bd718a0c0986e6a504f0fcfae06be7dc75b652dc7bd4aebd12970711d72b1075d61040f324c0b26c52b628ce5431467a8f4033721203897b16bf20a3126

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads