221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
Size

57KB
MD5

3acbb54c33247f37a3643fd46c0f77b0
SHA1

32ea73887f97612b06bff64fc5cf3865ece8c24e
SHA256

221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5
SHA512

62d25b93505ff9ac3f97009dfc3dfbde2a9809ac62824c01d47f8ddbd747ae74c1f91287711dff909f253869536a7d37f0bf4be354e69c2f6cbe48ab802e8844
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFR27K8WKnFIMK8WKnFIhEXBwzEXBwn:W7ZNLpApCZuvIY0KNKnF3KNKnF0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5235) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoutilstat.etw.man.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es-419.pak.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNBI.TTF.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationTypes.resources.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-phn.xrm-ms.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\onenotemui.msi.16.en-us.tree.dat.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Input.Manipulations.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark.png.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationCore.resources.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-oob.xrm-ms.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPRESOURCES.DLL.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Extensions.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\th.pak.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-math-l1-1-0.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.Messages.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_FR.LEX.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\221379d93385bb16507a23ba419f6e18109d74414a149bb79aba9fee78fdc7c5_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
58KB

MD5
d6179ae4848f15f52e7b5dc4bf5d1b57

SHA1
59a2775eb33302699794e493677cdcb7e03b94bf

SHA256
9a2e22261bf4942fd6e774924e428a20fb5831a47898e7fbaff4c0ac24bd2a82

SHA512
f2fc6e2611b821db1b7ac8d46cdec27b4b21f798fec36be47885ee2e16dbbbf7ae5a3b50b09f6454cddb24c2008175b058172fdb72a4337cc60c930dbe847929

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
156KB

MD5
54fc2082f6b1f08cd4effc7ee3da7eb8

SHA1
348d4b575df7de76dee90ddbe5a55af72f1fa542

SHA256
ea8775b2a30c82acead14d00bda45c28b2ecbe8f9fa5dddbc3b808dfaa632dee

SHA512
d06d1f06a504bbe9942bf0411117836054f5f2c14f44c70da49028c826a9509bd96acb114f79e2404b79eacdb5f8ade643bf1454a077d4e1fad09c01e53fa38d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads