087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 21:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
Size

45KB
MD5

4fdd29ee2255d078f9b7f102b3ff3ee0
SHA1

bf2861245cfcb6a0034ea80bd5877f9f58409b6c
SHA256

087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b
SHA512

5e7a36948658ff73cba3f6d0389fbb7811c4bb14463f67618cd61ddd78a8bc5eae36819301e76523ab75a33a12aad4811804b4f21a63bdddcf6cbf854158345a
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxAa2a//A:W7BlpppARFbhWJmAa2aQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5241) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMB.TTF.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSL.TTF.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Primitives.resources.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Permissions.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ppd.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHKEY.DAT.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL095.XML.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CalibriLI.ttf.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\WindowsBase.resources.dll.tmp	087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\087358defae20fbbcaf4a0ec96ee8e1bcb164d07b4c707e961dd971fc1caf81b_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

Filesize
45KB

MD5
aee433001c96a07dab5d94b5220b3e96

SHA1
6569a5f657bcc37f5ba7f07e2ce770ce4fe8cfbf

SHA256
607c2bf9e414bb574df79fd21f26781d5906d2bf15670e874e45cefd0d6a586a

SHA512
de04fc3ac0dc4f0ea4fb299668a70a986500f9517291985c8efa77e3773cb4d1a419e62fa1b6f4d37ca3106e40f62e26e9e45a8583069b1641fc4c4f5e370abc

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
144KB

MD5
d73e62ae78e64f72b08e9734d00d358f

SHA1
4b0eb2d94763c26ea0011817bb9011829c3bff5d

SHA256
41cfc160fe1326c1847620b95eb26751cd40052c53e6602ea8eff5444be52e58

SHA512
a090a3fac70d179fb63d22009cf53fab0e59f73289a1c40bccd06ec7b3a01392047172426bcad561319451d486ee63c90c9c5120daa1dd427984e21562bdc60b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads