4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d

Analysis

max time kernel
149s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
Size

85KB
MD5

94b14ab3f198fd487d7a9366d43bddb0
SHA1

0b01207d275816ee2ed1f7759851dd34e3119eac
SHA256

4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d
SHA512

10475754461066d517577585679873508b78450a4d02548daa45f0561115b6be9372c1e1ceffa0ba53528e3b283abf99a09e1f2cb02bf30376c69d02ba1ac394
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEh9:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5196) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ppd.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\BI-Report.png.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-80.png.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-oob.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN044.XML.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\he.pak.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.LEX.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationFramework.resources.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.onenotemui.msi.16.en-us.xml.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicelegant.dotx.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White.png.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\DESIGNER.ONE.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\PersonalMonthlyBudget.xltx.tmp	4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4a47fbf00cec4f2900e8f6c124daf0441bb57e3c8ac3c304c9ac91fe225cc80d_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
86KB

MD5
4dbe075472894cff03f57fafacc3125b

SHA1
88fa32d2c144cbcee38d5c2b1a30fe6ba14b99ea

SHA256
a7b1903a8223a0a4970d059da59ab7e70c552707e33ccb0c925872b2232d6a39

SHA512
486b34e76786d11926f91e57bb6b4b35a7130f3dcad3cd4117be0907f5e6805a32f8f3d5ae096e949711a20fffb413f831f53e7c3e61c1be54b41798767873a7

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
184KB

MD5
4a33ad461b556e42970ce9ef6fcec628

SHA1
e1841916bf51966deebf8726416b003cccdb50b5

SHA256
59e0522188a36df359d8d9a8abcdc2cfd23d05678efd23d99a440256e3c599d1

SHA512
5574c3fd91c320bd96307d35d3a665a418777affd61f7a85436b466596a57381ebbb28503872ebd7894c7e7b353deaef319702e09193101d8e1df8f14df86db0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads