dc7f3219a20d5742e807f8d6e521e51a6e77e4f152cdeca1f187d8ceb5cb510f

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
Size

48KB
MD5

0ede7d1549f5dd8efb6b7ff47ae57a50
SHA1

2776d955ac8c3ae8767750eb8384ab1cfc99f1e0
SHA256

dc7f3219a20d5742e807f8d6e521e51a6e77e4f152cdeca1f187d8ceb5cb510f
SHA512

b34c4202943e48d4cd0b1c24dec86fc930645defa3e21485df24d1ffccf9d6de5f7ae79fcb8ded28161beec39d030e84d794fa85e9bc3f3f3b46e16e3e1091ef
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcVM3VM3W:/7ZQpApze+eJfFpsJOfFpsJZ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5123) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libEGL.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONINTL.DLL.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.Forms.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-oob.xrm-ms.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN027.XML.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es.pak.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuuc53_64.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationTypes.resources.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_iio.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ur.pak.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEV.DLL.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotdintl.dll.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8EN.DLL.tmp	0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0ede7d1549f5dd8efb6b7ff47ae57a50_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
48KB

MD5
6dd242dd962f9dc74078211ac61e0c4f

SHA1
33fa859fed52748d191ed1e8dd41ddcd356043bd

SHA256
a22c30de910bec73a323c09fb1ffcf567895921b440093bc0c6afd41eaf20aec

SHA512
1b169d130d2bc42622f8c9b34fa5cbc500d4a92bdec9eab1906e57e92c82b63bffe1a3748feeae8cac62f8ecac853fffec841ce16c8fabb8707009a4b7ba2874

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
147KB

MD5
7eb41744f0964966b4b3b33aec9e92c2

SHA1
db8fdc76ea270d356d065e37fb47b0d04b8ed2ae

SHA256
479d736a8b979be73b043b8bbb0763269f489adcb8cf77d4fa62c562cb40907a

SHA512
2e33280a3a93e4e9ee62b7cd17cd3e136584ba859d116abb20b6cd68f61fb5be249b13054adc168be3258dd56f1358d90f5c21f6605825e9e997d8223e20363d

Download Submit
memory/4820-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4820-1802-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads