1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee

Analysis

max time kernel
150s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
Size

91KB
MD5

860b8c5ac6dc360b29de0909b1f88510
SHA1

736d96d3c7f5978f157be7090250c9bb4d323c8a
SHA256

1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee
SHA512

ebb9834d2ed38c3b000d84bae391bf722c064238d5a4d1f25a5795945d59bcf1e0b3ae2f883cfb8d6260c065d0c63fbc7b0a3ad25d9e44695e5efca409b4f139
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJS:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFP

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5184) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-pl.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ppd.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-oob.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.EventLog.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\libEGL.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.did.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\vccorlib140.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationCore.resources.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jmc.txt.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-pl.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TITLE.XSL.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\TimelessLetter.dotx.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1e68e9a35d32c79c98290e01b10cce249f998b680d433c4cf887f6b96affacee_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
91KB

MD5
3f18f927864a98618ff233ab3bca297f

SHA1
8706ef6165d235a8fa7cb9d4652425bd6797de05

SHA256
5ebb65f83f117cba1691c4c028d88757770a6ddad2821cb8ba85c3b5b30efeb4

SHA512
a4e4db6db46203561966b5ddb0710ee77748de52547892a5d3fb8d14c7a09c2ac389a31b2c8bd65b1e57c4803dc89eae45f5fee7cc3452536a3876b35e7eaa1c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
190KB

MD5
1ee7abddf8947554c3fac0e4ba4051a0

SHA1
5acfc2c47f99ae29fa1dcd345a4b9e221353ccff

SHA256
b2fcad2061c12e57c92363226a72b3f2186ec34d5fe08faf95de9a913fcb553a

SHA512
20613b0d66d23f3b335b3abfa64135f90905000d33028ce2f43fa1519f265322af8acd630e79bfdf19a9d1e59fbc20f34fcb73b7ea76fbe7f26234bcfaa8b023

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads