5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
Size

50KB
MD5

6bcd9b70a51d4b5cef028d5df8a47ef0
SHA1

22f4d10d4ba332cdda0fa8a6f0ae370512eb2047
SHA256

5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559
SHA512

9f9db9c53a3b8b989fdacfdd7c01ebe49966231b6911824f766b7ddf186f7b38c9c4c1e4ec8e6d9592a98df8adba198b7dd17732bc8e5b366dfe9c359d54523d
SSDEEP

384:yBs7Br5xjL8AgA71FbhvhwMF1XxXEh+v8ww+Y18jApsoRAIV3Hw+Y18jApsoRAIF:/7BlpQpARFbhtF1XxXEhk8UEK

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5274) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationUI.resources.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\PNG32.FLT.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSB.TTF.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsBase.resources.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\Word 2010 look.dotx.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\README.html.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL058.XML.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\FRSCRIPT.TTF.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\REFSPCL.TTF.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5af452b2a73b68f03a43ddd3e0e3546521eaf838f4360785971a6458f66bb559_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
50KB

MD5
6b185dd042f21bbe5e97d5f7e588225d

SHA1
b8e745545897203cbad028a45edeb528efccb6e3

SHA256
8bbfbf8f277be354ce6ee8d82493d74b5b46af015a4672b80eb28c15179fd06e

SHA512
60bcb5117c17781c6f3568b4f138b4e6a5cd3c8da4fcc02805bf4a0c8f815496ae9a10af823fc9804c7aeffca8b3ab2009e34adc1238bbe6e671056dc62a30d0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
149KB

MD5
eabb97ae5365efa23b0288b2dd58d737

SHA1
e6f84229fc00aef39a6be6445961b29ed9e40515

SHA256
36cf5d42cb3a76f121c576356240331ee7b27645c4667536e00d07d0ddc0e563

SHA512
970f363802327911529391504250e10391c41d236937d91600bef03a2babe50cd3b8467f2ccc896df93766165eb936393b4ed273db205624396cd4cfe2342c05

Download Submit
memory/3504-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3504-1961-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads