00a0f3186bb13d871df062119cc4c677c8d3497678de82dd02c15117021a5a1a

Analysis

max time kernel
150s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 08:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
Size

43KB
MD5

af31e6b30d817914761ef7f25d19ab00
SHA1

2c589ba979cb663947f80c2cb1d40c97500bf473
SHA256

00a0f3186bb13d871df062119cc4c677c8d3497678de82dd02c15117021a5a1a
SHA512

3002d1f83e13730d419a586ed07ffb1795ea1fe23a1d11528d3fbf8673c9f79c11f1e2a95f2347dda368e68fdb45c4da41250fca119253e65585b2365704ccee
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHNt:W7BlpNLpARFbhblkYlkuvIYF8t

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5244) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.resources.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-pl.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL083.XML.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsBase.resources.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Xaml.resources.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ppd.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunec.jar.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lt.pak.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE.tmp	af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\af31e6b30d817914761ef7f25d19ab00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
43KB

MD5
1c97c3f7e45350cb168110a00d159ebf

SHA1
7d2782dc07ac0ba6fd55fb0ab83b48ac141e6da0

SHA256
9c36b0c6b854c184de2466603de76dcdc27ca5daa77b4d60a163f6c6cd98710d

SHA512
ad3c35851cc600d7f740f2000f26dc817421de220beaa7567474e6df05f3bb664c1592d97dd640c4e72d158cc4f50b0d4315c24332fc609e315c65f684dcf70b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
142KB

MD5
7a082ad25fd5c599d1ce1f2cac781bfa

SHA1
ac8135611bfb8f918b1b9dc8de53c68422e7da4d

SHA256
f73a5bb03dfb3ce135a4d194b18466df359f7c700fd450bf5cf3bbc9c428b2da

SHA512
e26545a257f3f9c994063297d5db7acc1bbe072840ee43bcc52dadb4834019accf7cd669a40c94e6bbb226ea536ad5493461fe681bbc879753d8d623ddf13dd0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads