0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2

Analysis

max time kernel
150s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 22:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
Size

96KB
MD5

4cd604d090d504a52ddf4128b5e6ed30
SHA1

7b83457548518e63a87010dbd393c59d523cd730
SHA256

0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2
SHA512

e89406078eaec06c6879b85ece56ab60e108c7ecd377519d28791e0e4aa69a093a141f3c469af410ad970128a7e12e9dd1d83af2727b7c615f61def59739aa25
SSDEEP

3072:9QWpze+eO888888888888888888888888888888888888888888888888888888+:Lpe+ekeq1E

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5093) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyReport.dotx.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationTypes.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\release.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ppd.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osm.x-none.msi.16.x-none.tree.dat.tmp	0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0b85416e03d53bf85fe4fcc2a8da0c347a37d469fb210689f1499d9045f204a2_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
97KB

MD5
898dc340f4f05b1ebc1fdb7c2da47e36

SHA1
929d9f04c1a1b2ad0373908118bd697918d22a21

SHA256
a4e2e85c0a1e5ebcce658ae5cd57e6fa3877add347edbeaca0afb7a2997883f0

SHA512
5b56cc3bdb3d0f7a0d9a68d07c8256ddf9d565e189e719716acaef640605b34b83985588bd6e166d24336bd3fe8815561325eaa1ffac03cbad6bdf9eec2a77e3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
a9809b51dff52c5be262f8b0e20b647d

SHA1
7f054980431e2ef77fd5409f9d250705d901bfd6

SHA256
b0b7ebed3091b88cf8c2fa718d65de848c94bd7688d78ec93861653ec5c00e97

SHA512
d7976a3c511dc594a647296f41caa5ca34744a5d14483c434294528e7c37739ee58664d13e391554892e8d6e3f4fc5e91c1672784252f0c27ffbf5d97b223ae5

Download Submit
memory/956-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/956-1878-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads