3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba

Analysis

max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
Size

76KB
MD5

56d0f9329bfa8214bcb39e3fa06431e0
SHA1

f8c6f070eb1571e393f04b9280ab6a73e02eeec8
SHA256

3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba
SHA512

9c994ccbacade3eb7428447aa12e944775e5b518c45b1bfa35dc94e0362670f390bb5653510fc928d77872ec31198259f13beb9a51753a97cf6338196ff6a7c4
SSDEEP

1536:/7ZQpApze+eJfFpsJOfFpsJeFrxFrd4NK/Kk:9QWpze+eJfFpsJOfFpsJ0rDrJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5204) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsBase.resources.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONLNTCOMLIB.DLL.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN110.XML.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL083.XML.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\InitializeGroup.xps.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN048.XML.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Primitives.resources.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL104.XML.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sk.pak.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VCCORLIB140_APP.DLL.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp	3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3e57b94a652f855dd2f930adecd3693d80dc4d517f892c831252611c886ca0ba_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
77KB

MD5
388758aae069c7615db9b2246fef63f7

SHA1
901ce159d3c99e2ce41cf008d4c60bc98180c7dc

SHA256
0466435455379612ded1fe5b5a81aa2b00f2749eb3e15f44bddb690c6b047688

SHA512
dee3fc81eb19e3d191ff3f3722621a2ceb7bb01dbce9c2888c6dd7baecc05ce7418543b3141e8c4bd30a85e94cf3619525e04fb3f77941bc23dfac6a5f24627b

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
175KB

MD5
54e2ac8f1c922d2aee369a75b3726f8e

SHA1
8ca98d630c8c494f93b95d676ce9dafedf4cd31a

SHA256
55fc2b7ba3ab40ddced74216d793d9bba03babd8881f5b39a464f0fae72d3d6b

SHA512
f5549d16574aacb2570299135a7bafb20814fc528dd77a62e727cb2f3dc3c94f66fab933b72b067726399e3daa107af78c77d5c5b6647a5f7a4f1772d7ce2abe

Download Submit
memory/1876-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1876-1926-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads