ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd

Analysis

max time kernel
150s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 13:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
Size

86KB
MD5

341aebd942111bb8f7d2e1c34e0d6b90
SHA1

76673dfb1276caccdf1b16d3b0f457a86d9b878c
SHA256

ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd
SHA512

0a10d93ea1d1169d122b09934f10a5fea3d235f18459f681eb3b3986316feec58607edc07f4bbbe3dceedd4dafb8e85761fe3cf00206eef3a1d9d85d67032e47
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m69YUpCUppXxXTXxXZ:6e7WpP9oVLQthbYY9oVLQthbUrt7t5m0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5074) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsBase.resources.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationTypes.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\cacerts.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationFramework.resources.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\CloseRead.3g2.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\EUROTOOL.XLAM.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmmui.msi.16.en-us.tree.dat.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\WindowsBase.resources.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ul-oob.xrm-ms.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.OpenSsl.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_COL.HXC.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ppd.xrm-ms.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_iio.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\w2k_lsa_auth.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.Json.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.tmp	ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ae07a2e54dc3bb7c5d9079767812ddabdf822acbc36fa6441be435bcd5dd19dd_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
86KB

MD5
414b3d8d0c8cbcb92677fb5fd44270cc

SHA1
3db6c9fa47ad251ec02e2741bdcd3bef50bf94ce

SHA256
7a431c155b5ad04f4793797861e4f370b2d4b53bb56b8248002d51e1d95a4334

SHA512
95132b4e42d7d8c272e003e980b3f836e13eae0aed50c237675475a986d56d81f39a147c0044088d06c504a86f6c2ff47f53d2f334ae5e8d5838f91ca36710fc

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
185KB

MD5
9ae328d71af4e6746632a0f481664523

SHA1
6b3ce63d62bd40be8852dbe707d7dd14643f3766

SHA256
1540a7b3045b0f095b8b5ef4dc7750b0efe9a3e42e95e6e282e96b766eb4f763

SHA512
24d35c5920a5ea5326e6d186f3e74f24016160cd0fd95d7465461a6d42a60db17f6abca0eb9ba640bf50833671c067f3b697f2078662acae8b208cf328f35ed6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads