5b3dba70148b123c2add203bd5a7498c353494e45894efbf5c424e156c7c235c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
Size

137KB
MD5

0b46437b759154fb9b09b4c2afe6f650
SHA1

8c22bbb3fc6d4903d1e180ad92174da6e50a7ae5
SHA256

5b3dba70148b123c2add203bd5a7498c353494e45894efbf5c424e156c7c235c
SHA512

5493482d9513f94fa038bcc80bf83f0f7882b5d4ee0f8b0a138e0263422a9a5668644f8b51b8c3bc6a8c295015dd126490018565d8cce54b6273dc975ed9df5f
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBO9:/7ZQpApUsKiXBvzwvzXJvlwJvl3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4853) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSF.DLL.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.ReaderWriter.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp	0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0b46437b759154fb9b09b4c2afe6f650_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
138KB

MD5
56c0c364d331e99094347227a28dc743

SHA1
6bc34ab63299906e035f0f25cdee9581856d9603

SHA256
2de951b0c84f5d50911e63d4605bc9a17ee363f5e69687cf82175f29af3543b6

SHA512
80a93401bc016bf3ccbafa17a8f9e68ee64d32d9bc6d4abf359f00cae5bd22a7e17d983745196b84d03dc60a98221dc3636b73b3801e1221ac03725c37a39b54

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
236KB

MD5
374ed7facf2ea5e1eea7fbcf7deb2e16

SHA1
a2490930964375dbe01b0f23fdf857b911faba86

SHA256
a4beae84ff056e93a5a5e642c9e07235dbe181e6a802fb4e6ced6e37d59ffb61

SHA512
57e9a1901e200ff76b5d082330d57fd160709065d0a82f12aa9aa9528286f71667d224237d5d2e74fac3f4cc00b99a4d304ec39a3f4382e7b0d80500f80025f7

Download Submit
memory/4788-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads