24a2393e84ae2ce14a9e23d7de2648f2267e39748dc4e11fe3d7a23e6c811180

Analysis

max time kernel
149s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 10:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
Size

77KB
MD5

e8cad3cdd0b8589b50bb4a7b5a3f1650
SHA1

abd7dd13b453f29bfb568f5fd049ae64f590ea6d
SHA256

24a2393e84ae2ce14a9e23d7de2648f2267e39748dc4e11fe3d7a23e6c811180
SHA512

532a296de93868efa7adf753f1b98d8a45b8a496a639c0f691a5ccd5d2141546677eb9916873f5880e28e18a82dd389b621f337960fee2b24dd928840a2b2819
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/U:6e7WpMaxeb0CYJ97lEYNR73e+eKZU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5027) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul-oob.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.png.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClient.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.XDocument.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Input.Manipulations.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jli.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Input.Manipulations.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\t2k.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.Win32.Registry.AccessControl.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ul-oob.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Primitives.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ppd.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp	e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e8cad3cdd0b8589b50bb4a7b5a3f1650_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
77KB

MD5
81da385b7ec1380e261d78d0e191eff9

SHA1
663922837cfdcf59c2bb8e2df474af67dbc8bba6

SHA256
f4ac01170684ccbaea1a3e4e0c5dc5191d272e58d988c12015906ce4af175d7c

SHA512
539b32c9183c5fe88d64c5f60221635f03498b5d0ea82d21c0c973a6b42e7ea82ec3f858c4c9069cc5bfbdf966df495bc44b0a6cca4d95928644c7cf52969741

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
176KB

MD5
6733bdf3de02dc5dc943e6af9948f9fd

SHA1
142343cf764a60808d1067eb2ef15ace596f842b

SHA256
c510a70305b07a397b1e74f359cba9a3b09004b3552d90d142b41bc42aba571b

SHA512
fca9c0565ca73b22a58750e584832b700c07903036bc2dbd5a75fa373807931d90720569c6a3aaca676cdc1803d86bb21b66a24567630c1d6907ed65bf90e0e6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads