323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf

Analysis

max time kernel
150s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
Size

81KB
MD5

dd33ec33103ef8599816207d91ec06f0
SHA1

1c1fd287a24a570fa934c9a22f9e04141d55e0da
SHA256

323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf
SHA512

ccdaea4a82c3d3b5b82992d4b4493e615c9e96f88af880d528081625f3a3f58d571a5370c8068498c0b0dfe497649a79e44f71695ba74681c2697c087a269e07
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmh1444REXBwzEXO:W7ZDpApYbWjIoPyPoLzV7c6Sh1X0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4868) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.DLL.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\GRAY.pf.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\am.pak.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN110.XML.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MYSL.ICO.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MML2OMML.XSL.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lt.pak.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\110.0.5481.104.manifest.tmp	323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\323c8da39fd43b3493f572fea68531edfd4e55061bc8ab0be5816eaed7711acf_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1508

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
81KB

MD5
49bec1f5c694b2923c43cc4c7e07be1a

SHA1
00212c85a152c72262d4365f5d88623266bbb562

SHA256
3172744a2815e6f1833f54c17337644ac4c47af228281d98a190be4e7a88ecee

SHA512
c817b13ca6f427fb04d0eb017c95f6463e9754c82f28f429a907c0589b25bb68a4b75aa33a2415211afa023c6e6a702c72f48801f7b7d734fbeb6effc2dae9e2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
180KB

MD5
ca0b56e174918a15f7446c4e2a1a3efb

SHA1
69bd1dd9418e78e26512877ba4e45155e0693b1e

SHA256
c5b5789646bb9d6a05fb0e77d390c7a8958c7a09e64673df32e0f8e4e2f7b025

SHA512
0c72b8a958fa254f2ae57b4c653ab4120067ed087feef5412775bb41c56062fbd1789d9202b35d50f3079b8487d037333dffee8ad507d95aff3484abce437de2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads