331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
Size

38KB
MD5

3f654599d7f06ef814abc936dccaea70
SHA1

1069433ba3cdd3406abe348c3e17364039281931
SHA256

331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5
SHA512

5961403b03ba2561d101505c8fcd591c03aae7f82a71ef7e42a951c2f68cbefe71ad49ef689e929dc0d42e76cc152e1bf690ef55d16de4d9bc0d68cc7484a57f
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TqXSg4vm3lXSg4vm3JF0FM:W7BlpppARFbhaKM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4823) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Encoding.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-PT.pak.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSBARCODE.DLL.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOHEVI.DLL.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Xml.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000C.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_es.dub.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\lv\msipc.dll.mui.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-oob.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsFormsIntegration.resources.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\WindowsAccessBridge-64.dll.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms.tmp	331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\331d9ab0f6b9c74fced691f0e533bdc35b5e993ac1de7a002d2c4999a4da73f5_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp
Filesize
39KB

MD5
7a154cbffcb2ccee14a885e673e6410a

SHA1
18c37667c314bd329d74f34addb1e2242cb314f4

SHA256
bb775a12b2dee5d28ac2b9056f7529c924e0ebb8b994ba61ed4e0810051d1353

SHA512
8131ca902b4bc1fdc05247b2f1fa84074c6acfd18210aacbb6c893076c026a699915f84ab2b818688b422b11f747cd29d751863788eac22751a2a6cf4149d534

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
138KB

MD5
dbdf55a68342a8344072d59b4c81d40a

SHA1
4f04a953269ffd0db73310ce27fdef0025b66b1c

SHA256
0c5a91e31150e87a3a4619cbee432ab80427e4d3b4c85725c6736db2428c9bc7

SHA512
1129b5fa85278f654abb3dcbbb733d09650c233954efaace8f97e5ec8670f9a3fcb0fa28161c62d34d813a8b32bf7c9b39306f8a7b517edbd1e98e7e3db2f1f9

Download Submit