334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
Size

55KB
MD5

82efca0e8979c7121d04e1b32f48f380
SHA1

e0e21ef908baffd03b5800fa96ebcd3ab196068e
SHA256

334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce
SHA512

796b21ca2b2af3aac158b06e2eb1c977921c3bd73b2ec99074fb77902c2567dfee4a8c23ce085a9e23c51a7f8ad91c94488a548dbfe7584cef7bf68a5cdf2d0b
SSDEEP

768:W7BlpppARFbhbt7Y7zPhwyPhwdOwOWF/MF/fweJtv/bt9G2XO2XJPu:W7ZppApIayan2O

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5196) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsBase.resources.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.Core.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\EditRestore.rmi.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\resources.jar.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.tree.dat.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Xaml.resources.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationProvider.resources.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ppd.xrm-ms.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.tree.dat.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Json.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\net.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\powerpnt.exe.manifest.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.HTM.tmp	334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\334e4867a327eb5df421cc14ec3f98ff8d93d8f4aeafe870b0f80c283f9ec2ce_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
56KB

MD5
82e7d343b0b22cbf65045317bc6e2bd3

SHA1
4333e1055a443561baacd892554199834b753cbf

SHA256
2b0e03de269465b2c96063d6c69d03f7f57a43999588df6a5d82ef1471653664

SHA512
45615eddc5a8d22a52d39a88a8257337aeb5d3a381acfd17a529ba97438449aacca5e010a0a23f06e839b18707baabd2c9bf9ba8bb0f84bd343874ea56a70fee

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
155KB

MD5
0a959d45827d97942b913936f13e771d

SHA1
10da4e2cc72c8df9c495130d6edd1bb88a2ca7b1

SHA256
ba75e406748442b5067ea2dca2d1242d28aacb6b0abef6db259d5d8543d34c54

SHA512
abf14dc6fb511600666d605f60dafda2d283db71a63f2183e1f724f2d7fa4a833207b08b30f0ce191fbbd8e8b8c9597ef28bc9c00590b95036ca991bdec38e6d

Download Submit