1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
Size

54KB
MD5

8eebf8336ac8632f0f71796700f66c30
SHA1

3bfaf3b6f2282c3727085ee69b01bfe562521c15
SHA256

1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3
SHA512

7c564d4fe7cbd2251831e739e7acab39f1d880e280d428e285170582e4e44c13eda02094d0455d3d58d048852bce243c0030de05a52137b5d2ec90ace30ec081
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNKVkVYLMF/cnacnw:W7BlpppARFbhFAYLMF/J5

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5200) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\RedAndBlackLetter.dotx.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_wer.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nb.pak.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ppd.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Input.Manipulations.resources.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WordCombinedFloatieModel.bin.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.resources.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ul-oob.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.SystemEvents.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000C.DLL.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationTypes.resources.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationProvider.resources.dll.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Classic.dotx.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1410fe8dfc50fffffe76d619597243b8623c08e869e6e98ed2e1f0712b9d72e3_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
54KB

MD5
6f59cd63ad23121e3efb8cc77a367a37

SHA1
17f7730a1cde181c62cce43d1e0753a3961ce93b

SHA256
ed3b57562035f19e0c7d11bf752b85c326cbc2b752b763e20eae8f0346145298

SHA512
29446c5a739b47fe8f7814e4486558c987449ae143a5cdd311fe89f7bd441b886d80f09bf81a4f5c6b6eccfcfc51ab4151c97fa4aa58889bbcc81ac2b517dbb1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
153KB

MD5
349aceb1b73ec54d839d3bf622d39f96

SHA1
6cc7edcd98c116362b904f135432780b4693c318

SHA256
8d141133dbb5a503b05a85b7dcb596336241f91b0435a111be818ade754bd235

SHA512
6feebcb4e32b76019826ab58178a26825a5553250c2b1efe6a4a5048811868c296cb7dac10f2c9336d1fea32920c364c0042d77725bb2e22812b235da4dfc959

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads