0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382

Analysis

max time kernel
149s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
Size

83KB
MD5

be88b472f52346a5039aac09264c8690
SHA1

a579a91378c7bee82b3c81a9b709371e48fb3fc3
SHA256

0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382
SHA512

f1dc657d93788d8ff5b4e0561421b50ac01c3816c06af60c851b3c6b65bce0529e057f1ac4dcaf29a2bc57de098094a4fa5a38d6afcc1d3072aaf128e8a0f7e5
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUp:69WpQE0zUp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4851) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-100.png.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp	0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0adf353e57f1b3b4a991cc6602336b1aa455dfdb9734e94b4c8e06da6bdc0382_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

Filesize
84KB

MD5
56c80d0f53601de288461ea7d3ec5474

SHA1
8ef16b0f987d85ace4ef64e5930850782417851a

SHA256
5d94797f36f8fc554e6dea407a464180c7cb301460d2a6b1261b8a4935cbcd7b

SHA512
8a0a645eb1f0a5a39c787b27cfb288e470d27d3e732378d7336cfa2b240db8337acf84387b9d3aa8438ab3526e5d78adb5421e5ee0f2dbf103f8bec4081a89b5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
182KB

MD5
e1b8e63f9ed61c8f23708be473e960c4

SHA1
6845756950c50bff771f3c378b6b76d50d26ca69

SHA256
6a5ca058a3113bf37437a65d22da81ab45abd11270d09ea062e6e5e5bc001e77

SHA512
22dadf312c2aaf35ccde3b61eb5851e422eb41e695de72bc4e78fa100c8d43526a742c38ab304a80a79164ef9d66a3507515c97d0e083daca8abfd14961cf590

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads