12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 00:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
Size

36KB
MD5

6d164d6162589f9a3b068653053c2a30
SHA1

9d9db854a771d9d462bdfc14d6306c3e8ef37344
SHA256

12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b
SHA512

404336de2904c72a4ee2e835c307a120a695101f3dfd1dbf335dce11afea7be0934d02ca12c1f17db307877ffe746c19dfa079410aed5a4192372648e6c18ab8
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrSLmnsNw/Nw+w:W7BlpppARFbhknrSLmsNw/Nw+w

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationUI.resources.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Primitives.resources.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-pl.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.DLL.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.tree.dat.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\catalog.json.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.AccessControl.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfont.properties.ja.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TraceSource.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN075.XML.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Permissions.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.dll.tmp	12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12e91390e1db2b7fafdbb647e60f5b2d64dcd8fc186ba6ce7a51f5933580270b_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

Filesize
36KB

MD5
75565870f811d7e3a70b939dabad608a

SHA1
138adc036a2d096c559131101a41cd42b8260307

SHA256
95f686763b53b3fa00b0fc8822933d24b55f9f876d0b0976cd2bfc890df608f9

SHA512
7ca64c63adc51849d29a7a246870c11cd6ef28fb677d68dd72cb3bab93b7969ac90492afa0f42f275b9a97e90927520bfc5f6ab5620ba31b585a9854cd4d3340

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
135KB

MD5
1829b2d4eebc8d91e0e53c253e6a8a3d

SHA1
3a5f504fc2d078afbd0d535a59d185d8cf465ab7

SHA256
fd8f1c9c51531a1d880ea49bae5b9891858be35630e937e7fce913622c4e305a

SHA512
40721eef9876b78ea44c2ed4af1559b38af8775777176bf6e647f21f98ff5ac8ad31c6658f8932c529321b47229577c440a0749cf8f3e712804b028162cda45c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads