4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a

Analysis

max time kernel
149s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 07:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
Size

96KB
MD5

f0149d14c46dcfbe605ce715bad5d3e0
SHA1

d9193017088aaf29b7b5ec8ad014fcc95319605b
SHA256

4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a
SHA512

86b5432db67d661c5cb1af263a07a7c759cd9c3fe7c7f569fd3b3704155ecfc8f1b3e20c9a11e145f96046beec8edef979716fd78025485f15879570b28a9050
SSDEEP

3072:9QWpze+eO888888888888888888888888888888888888888888888888888888C:Lpe+ekeq1g

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5190) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationCore.resources.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Extensions.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Design.resources.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.Parallel.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\wordmui.msi.16.en-us.boot.tree.dat.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_F_COL.HXK.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ul-oob.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN096.XML.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNBI.TTF.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-stdio-l1-1-0.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Concurrent.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp	4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4393e43892c1fe76356e236677a7c014283ca58b691fde8cf8dff29e60ff245a_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
96KB

MD5
96a331c16fc9efd68fe9ea31c8b54b87

SHA1
3d764faecb998e1c229de2f2ed70b9891af99bc2

SHA256
9aec2562edf4f70778695ad512cbe831115e7d248d4900dd986a446da6366221

SHA512
ef859d62f59f3b39e79f23ca7158a238ddf1f2efd2d3fa7047d193bf9ca436e9d7b6a2354bd1ac024cacb571676030f52565e31d119bdaeb92661be4deaff98e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
195KB

MD5
ed5400c41a7526dd87683923a38b5f5c

SHA1
de9e21bfaf744eafe163d5690f4f12b923064372

SHA256
8a9e0a0420c6f66159b589aa31ba5ccf4577679a344f41d6c74bea1b0d9e4cd7

SHA512
caf90d7a19dd82b60c1c677de36a7bc4683981fbdf9e77e8f32772749c210d99d1f1397f6e1b574c398f070522693acb73f4e78f05f289562e797c104bc67a18

Download Submit
memory/684-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/684-1890-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads