82df309fbad31e3d4fa91ba38d525a9652778a4cec7d8ba2cc97766678c75131

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
Size

132KB
MD5

a14def1e62cdcb424ef122fe530dbc80
SHA1

8178634b7da8c1b994186915b2f770c41c252b97
SHA256

82df309fbad31e3d4fa91ba38d525a9652778a4cec7d8ba2cc97766678c75131
SHA512

a864ce1959572c88bc30ccae698ed78e59fac5f031ca74657735477d3e173c20b17aa5bd284356b03d59f95812f3c769230eba0f9d439076489f40dc491b5448
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzL:RqlIyFESWu0SWuGSwx4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4857) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ORGCHART.CHM.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicudt58_64.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CHIMES.WAV.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL103.XML.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\msipc.dll.mui.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-pl.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ppd.xrm-ms.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Primitives.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp	a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a14def1e62cdcb424ef122fe530dbc80_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
132KB

MD5
168c2efa4876d513b128b0c29bf9e58a

SHA1
44f4465680bfcff3d3b66ee98d264da47b8d13cb

SHA256
49f246774c34358706060c681eec6c5906f8f55f08c38ad0867649d79685cf98

SHA512
bbe020015fed273183d58e1f5aefd55c44baa2d6771af71404191f78e63988afdf451eb37840ba78dd727c0214841de45c7fd032a812c231a3458de8afdefba3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
231KB

MD5
a66d9de2246f50a8e3410ccff4aa6391

SHA1
e25210eb59be087def1fe74e8571409575f2a949

SHA256
0c0c79401de9b077ec9b553a7169eaa3ccdabe4d56c71788c8d64450a82f47cd

SHA512
d1f999d9cad8d45b0626c153bc0edece0c7f46f1e4ff935d7f1af6b98e901462f697a482f89aa50109cc3171db216bffa0f96e5f1b4737c77697fb212197e8d2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads