4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378

Analysis

max time kernel
150s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
Size

40KB
MD5

fcf238eee47ad77e4941d50116b3f630
SHA1

e0a20b73fd318d5ba43525a24305d2106def078b
SHA256

4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378
SHA512

3821775506bc088f62259fe7b6c5452682b4f7b1f9bcab28aa4038578ae8b9fd2f6f3a99400812060ec8781b07ae9b5fbc87a6b4ba50c5d41393d4e808a76c55
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrq9SkpaTLkpaTA:W7BlpppARFbhknr6A0AA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4840) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ul-oob.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPSLAX.DLL.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART8.BDR.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul-oob.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ppd.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp	4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4afe7325cdbbaf6071318a12e0246a3570df583a9e1ca8b2858fd93eb3e07378_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1416,i,17949988676391029604,13756926835471203788,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:8
1⤵
PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

Filesize
40KB

MD5
3e430debc6ca577234e8ad897037d13b

SHA1
c737458f705619cefc9f7746d2b6554927c3733d

SHA256
58c4c2e52c2e160d2fefa27af4c18345606b7e16f8ad2de81cf7acdb01bd740b

SHA512
597786234bfb588e529b778622bdf73794a78f86afb0cf8e0f5cec21070d89712c27aef77cdc5c688fc09d3a8927a2e53e32c11768426eca85fe90036599cd99

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp

Filesize
152KB

MD5
84cf8e5a67c583e2fcf5e718fafae71a

SHA1
a86dbfa831a5cdc1ea390fdfe17842f2520b3b6a

SHA256
a8189a95465c33d8cd98c7c4abea43d6cf1c1679c002e695a39bf3163c0610ad

SHA512
4c52433f61df9b3294553fd0f53bab689168baf6555dd5e347e3d808b35071273d27c9f08df31e18624af316d9851dd00c8b9c30a645a699d24a121b4a8e708a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads