31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0

Analysis

max time kernel
114s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
Size

40KB
MD5

c8fc5f98eb277d58e9f467cb1bb5ba80
SHA1

1db5bcfebd74760ee8896c23821b99e09ef11dcf
SHA256

31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0
SHA512

e4138dfab8710646f798ed21adc776653c548580175b52b5015f92a67c932da714e302ef9429a04ab86a7faf7d306e4f0037392694089fc5a0731e38aab2d964
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN1qmq4Gqmq4MAAAJOQAAAJOo:W7BlpppARFbhwEnAAJ+AAJJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4374) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Thread.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ppd.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ppd.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.DispatchProxy.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-pl.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ul-oob.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.AeroLite.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\31ce68cc39645f80f48781083ba9d2baa6e23a94344366c479994fa83a891ba0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
40KB

MD5
16fa606c5dc03c3ec2d99676dd4e8aca

SHA1
39705de089f1491f049d876b4dc60d3bbf91985e

SHA256
e984db5acfdae581dcfeb141c284d5eefd0f00dfcf13071ccbf0637f4efb2724

SHA512
0f85e6e44928453d32993c26afbca5567a46309c7e8bfff58017bde7e4e1c7efffd2657bba916b38c817897aa1bd13a5ded5b9bc1e998d763f0009489713fe33

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
139KB

MD5
0f65873a499f864c1575fb3bbd370b72

SHA1
8926d78a425c0ae1ee807fcb86e54a2b1cecbeb2

SHA256
ab391ea0039a6ce37033d46c52652ed7fa918400d170a870c291e3ba13b1ae39

SHA512
ae68545ebddc10c011e16beb00ef69e1a1f5917233b18eb72021905920b0676cdd227f92bdb666fbbc6e5c5b51ab694af0039e9d39ecfd178ea56b77442d366d

Download Submit