57594be8d7f7e45ec8641c0b54974bdfb011577bff86875e0dfaf22e3641a7a7

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
Size

79KB
MD5

a4dc468e4d6a60402e99d175b8bdeb20
SHA1

df33f44ed8d62ee451c4266d2287ffa3cce1c42d
SHA256

57594be8d7f7e45ec8641c0b54974bdfb011577bff86875e0dfaf22e3641a7a7
SHA512

f1e139cb9e3a2be9d5ef51ec2910b7babf180155c0aa116475bc964ef0b2b89be7c7f90b02d5f421db83955088419e7ab79b95ba76cb7d30636ac45fe5e0d113
SSDEEP

1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOM2kJOMIsKsc696xZD:6e7WpXYvnd3

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5210) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ppd.xrm-ms.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackReport.dotx.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationTypes.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_200_percent.pak.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-100.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LHANDW.TTF.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Primitives.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGI.TTF.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\REFSPCL.TTF.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\icu.md.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\XLCALL32.DLL.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql90.xsl.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.tmp	a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a4dc468e4d6a60402e99d175b8bdeb20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4336,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=3972 /prefetch:8
1⤵
PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

Filesize
79KB

MD5
f0c94bb17c20aad48b4c0297882ae64d

SHA1
15d8053d3b7a22ed52b275e25a863a6664ec7eee

SHA256
353660c9a89e4410f54042ed3b69b6c1f78e6a9a61ee53e76e65c3014f5ecc70

SHA512
81cbd6ffd9160f898f72053be9edf5fbac4b62fbad1a973f2c2c7486c905955fd0902476724c06c78c7b26017c28700a071d33821a90080fa6da8c2eba756b0e

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
192KB

MD5
797b8041dd7595db50a6fa877172566f

SHA1
34114bd07860c8973f1db0209d90b4990f43fe10

SHA256
aa5bf1e384bb1748af59d0a6bbcaa7d099aef2e2bb1dbc4e4943b25873820ac4

SHA512
840b5b062089c3606051534e8748f5141984be81e35cb3f587d364781b7e460c2ae6ff18932c4676cb2fba4288ecf50dcd07a8bf5827a74d0eb901b1d114fd79

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads