a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e

Analysis

max time kernel
150s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
Size

90KB
MD5

3781a461826f037409eeb64bd03b31d0
SHA1

3a5597b740244af3afe031c451d2394d932952d5
SHA256

a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e
SHA512

4785b9f5169b1ab9ca2d4bb6d88d1ea4605a2be784dfeb05b760abb01a75d6ad16d5d8d74ea309566af2b636d98b46b08f27fefc1c8b5cddec977c3dd16c03e8
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhb:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4744) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-oob.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Writer.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Primitives.resources.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\af.pak.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a41bf5e2625abeb3c4ed9683f5c947f281f850be9f0650971ac18ec4d60f409e_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

Filesize
90KB

MD5
b572d379a4c80920fbaea2fd9221f97c

SHA1
bbbe1105644b56ec6ec8850b713ed43532d0797b

SHA256
329239a2b588d8bab9fab0cc14a5453ec25e3dddbc309b58b36f771896c9ccff

SHA512
029bbfa469a3e885b90ba880cc139cd8d669b297eaede3b318c453cf5898842e023775e97362e75ef4468b699a3350b86d69890062fa4e9a70ffaccdd205c9d8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
189KB

MD5
7f73768443367b16549711378dc0e9ee

SHA1
307e43f74b5de0a84eb624c2fcaee7376418c2a1

SHA256
74bfb219f5193ba5490dd42402b2138d3031c88187bfebad1a9153c122357cdb

SHA512
1a93268966311c552dbc3b58431900ddf0a91f1fd01063c865ec31fcf190a224bf03aa61860a216021d8aa3f33099a8a54db5dd91e1990dc2b9cfd180dc25cff

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads