0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
Size

56KB
MD5

526a7208dd286d11c6674b057e928240
SHA1

208440e5dcdf78a6ed4c2b313ecdc5f7173a56b9
SHA256

0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51
SHA512

ddc52ef71baca9fc35ee9030ee34adc575ed929879e021028737e1682cb66bb350f964fa21f24734e4af1fdd166e9b10d99f702c73df9d9e0279b8bb6c72bf75
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDL:/7ZQpApze+eJfFpsJOfFpsJ5DL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5190) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC32.DLL.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationCore.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7FR.LEX.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.LEX.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ReachFramework.resources.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul-oob.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ppd.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-pl.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.boot.tree.dat.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-pl.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.Core.dll.tmp	0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0afbf81568a122042ede3f7d5fd862d8575dc183d5b1865f87d2a7a22d9ceb51_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
56KB

MD5
b187f9437bf1227bb20df3836157a7fa

SHA1
fe2b16e673b9effa725e48cf72c0988a11c3c335

SHA256
b694d8532fe664584fbe751dc4a252973029f607fc6f2109daba64b574ce523a

SHA512
a08aa8ef07dad57e3c9fa701e4861b85a85d92d85441618a8cd8c36d1f236e1433da87d74537b45676d0f7f9a9ed993eeead1d1093b4e5cb167c812f3cfdbba8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
155KB

MD5
cf5a600f04189412db85996cdd1b851d

SHA1
2f1d9ad9c70d5c09ce4bf41deac02a9e577c132e

SHA256
37884b1b7533041801ce71f3ab1954ee4f7ba81efad4c3d36b7bf88e855db0f4

SHA512
e35fb590df4a738d3888a6ad8ebf41a7299984e16e59e5f9455a9cae5e333429f236691061882d7c645bb460ed79092f4861291fd4555a86c015f4f6da78f939

Download Submit
memory/2084-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2084-1884-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads