35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545

Analysis

max time kernel
53s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
Size

53KB
MD5

7c0d9a19b2d94c5a827cfe01a477a7c0
SHA1

050e62cba41920d34946616d82727ca15c67925b
SHA256

35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545
SHA512

d6fbc9d8f306258d2f62e2378c60a066e7797b27005972ae4226b7244db4c54f7e7a0ccab4c3e59726ed070b85407773b4392debf580f51c1383ad131efcffc6
SSDEEP

768:W7BlpppARFbhbt7Y7zPhwyPhwdOwOWF/MF/bEgF:W7ZppApIayan2TB

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35aa4788e2205001641a94ae9ca515fbd75b951f8cbb61f4a6af52c8291c9545_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2416

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
Filesize
53KB

MD5
960d4ea60aac5200e8d4cc8a6d1f5895

SHA1
fce493285e41b66ec83fdf7e47259ea427ec4aae

SHA256
38e721042ab06f36109c721113a241557fec23ab697a527c12b70c656c89e950

SHA512
f329205a7d5e5f9650fe5bed35d0af7edcb6e5c08e182d401f4b6fdc135e6bfc8241ece260835d3cf1c45427440da881f9340506a2771198cc15e2a7990e7de7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
62KB

MD5
27400a1479a7cc5ab25a4d54cdaa9995

SHA1
5dc90330c63585420968e9bb1f9ef2d4a881163d

SHA256
c22c134946131e48f3ef160a24eb9edad14aa5943fe0353b47435fa6ae411264

SHA512
b9550bc596072743928bc1724339e12f461a203bb4653a48c46a182c941306dc827f338d631168091981574cc7ae73bd359b005636320e4051a17661b023b6f2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads