047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
Size

76KB
MD5

8fab3c5c3d145335cd291fcd8532bc60
SHA1

5c985405a19ebe47d60644593987bbbcc3694032
SHA256

047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0
SHA512

252a6ade9f13286a3228a686c5da12e3b6de538ed4ca04a99b060b6ec78aa75a02d2687f3e5b85a6ae65a09bbbe3a79f8222ed40614c0aaef1f4fcfc9d9ea2ff
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhd:6pWpUFpEhLfyBtPf50FWkFpPDze/qFss

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.common.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-LIGHT.TTF.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_sw.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-pl.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesstylish.dotx.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-heap-l1-1-0.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmux.x-none.msi.16.x-none.tree.dat.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Ping.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointPortalSite.ico.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsBase.resources.dll.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-phn.xrm-ms.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\047320579e9333c465cac76f3988ee55f1a53234f245215413da679ac6491fa0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
76KB

MD5
12faa28942e940b44893159b4470c13d

SHA1
aec38843e7b0d6399ee955f4838c5b870b1e3b04

SHA256
54bd66a67c44100697ab998d7504fde03e22f8fe7293e05614944e190728e683

SHA512
f6f6fdd7890a3b0126bd7d6da7cbc768fd9fea62d57d1703ad0f8297ddd1dedc90e6d4f16a422e5c8ed84e93fb51bf8144a29430c189f000c61ce65d2d384950

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
175KB

MD5
6697b45e334738308a65453a36684dd2

SHA1
03f5ae4f61f8bf5c67f575a267ab228ee2bb9570

SHA256
b34b1c20801b5e067a2c773b827e54fc19626da4a8cd00602d2a01233ac8deab

SHA512
523c7f3de9fbc4b7b74f5b0472d29a917e250c30f961142cb90c7242b4d2b806085847ae6eeae4841c7af70956055d4b832a4b5e20e2aad5ee6c76c43bf798e2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads