1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
Size

96KB
MD5

3dd136d349805c74be12b7e1b1a8b640
SHA1

d4006aa13a0ba7eef13bb95fe6ba90ecae4d9c9d
SHA256

1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448
SHA512

2d9c84011a52c93f6baad8414fff82907bcff5249599be5726663e18953b6e27848f012ae6481514f09e3e5d2567eae7500fa3a4654ae7d880fa715d0ad8ef5e
SSDEEP

3072:9QWpze+eO888888888888888888888888888888888888888888888888888888b:Lpe+ekeq1V

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4832) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.Common.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Design.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Diagnostics.PerformanceCounter.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ul-oob.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-140.png.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\APASixthEditionOfficeOnline.xsl.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\DirectWriteForwarder.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ul-oob.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.EventBasedAsync.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-pl.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Controls.Ribbon.resources.dll.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1e652fdf0576cad2fc3dea8cda23936978f64c2c746ce382b5cd8c4108eb7448_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

Filesize
97KB

MD5
e3b62fd97b238e666ff47175c6e042dd

SHA1
8aebb1141ac8c91017aa651ebec9405cf70add9c

SHA256
5e30942b3b3594dd47059a90eef75cb9d4568645afa1ee603530d4e915b6c7e3

SHA512
12f3c3422766e4ef3dba83f93b3ab2913806296cf53213bf86881fbd57cf79c04539e224bcefd211bd73c3b54da9fb2a7146861253f8119f6e2ce8c626f587ef

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
17a7c62347ab19796e0b200402a8b984

SHA1
264df13f69096c90b9c679a8fbf8e99ec310fbac

SHA256
bd85f244e03c31004aee3fab42e523050ba04a2167c8f404c6bcd61e67c9d727

SHA512
360db251ad1147f38e776995f7c24bc7af8ace640f246b3912a75f439cdf19ab4a80b2c7abd22bd4935a057d233a9a0745e039d4dd352ae7284fe0717c2d8538

Download Submit
memory/2120-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2120-1760-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads