0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
Size

71KB
MD5

b68022e2cc124b62a9dc2f9af8cb8a10
SHA1

e86ef9bc0252066399922125a91f284a724742d9
SHA256

0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b
SHA512

9aaf1fbfe826d5d88b4fc5ba7c42468b26f49205a4aa9758be220967e56206da4a5078e1d343a709249a2c3181706f7eaec7f79e0872e642fda0b171fcb4bca6
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmh1444X:W7ZDpApYbWjIoPyPoLzV7c6Sh1XE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-180.png.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Algorithms.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONMAIN.DLL.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vulkan-1.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\EUROTOOL.XLAM.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\servertool.exe.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationUI.resources.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Numerics.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.OpenSsl.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\Welcome.html.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSUIGHUR.TTF.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0402f6277e343f8dacbc3cbbdd8a9ebc9e45c480c0f603bc0cf85d5d09e0bc5b_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
71KB

MD5
c1b50ee422f955004c29392a6a6b7f6a

SHA1
b167f962bf86d147e835f15922037095424e4a7b

SHA256
1a65d3f5ef4bbe30e5f919a72630b7b054fb4e747cff9ac539f88d7f00dcf851

SHA512
460b86e99a79210170c85094efe36ae6490adceea8d223d37fbde19b2e4735e39b60f7a09fbfad739398ab084c320905d78c89ce372c864860d61e05cad6b981

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
170KB

MD5
b07233e19911b29a5bd5079dedf2486a

SHA1
02b6215af205e584da56c6903e0c2b241f6d62c9

SHA256
27cb78d2383ef8a21b5dd41ee5e91fb321452f174a7c3724b53c8723e6480f52

SHA512
1f9e82316bb614ec52c9b7f84bed8c4733da94eea5e1c01c38003ad111004a48457bd4b2e2ccf3194e61d46b504e2316c2f392c5365da0b507d4d4f744369e9b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads