3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d

Analysis

max time kernel
150s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
Size

81KB
MD5

26581b429795353c5d0ea4e653d3a540
SHA1

2620125013c42fbc661b0413330fb8f27635f96f
SHA256

3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d
SHA512

02e13ab65af1123981fbfca596c9ea1f80c5e7dfa98ef754b7bef78cbd61666a00d0d461498338624f74c08b0cbb9a995ddd8b6d50d97c546ce7035d228831c2
SSDEEP

768:W7BlpDpARFbhYQkQjjIXYvPXzWPXzK3733uF4V7en5c5HChCrmh1444REXBwzEXT:W7ZDpApYbWjIoPyPoLzV7c6Sh1XB

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4657) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\sw.pak.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSQRY32.EXE.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationTypes.resources.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\LICENSE.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.DispatchProxy.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ro.pak.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l1-2-0.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3398f04df4a4b2438efa815f265d65908349c92f68d776168bef9e7eeb1b219d_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp
Filesize
81KB

MD5
fd8921064a85d6b86ce22677f79784d6

SHA1
d4e1cf3069860d8ab17dfa8b04dc4e48d7f7961e

SHA256
629d432e29c23d25c7b64f6ee5f61daf9bbccef8d09cbc5162f58efb48b27429

SHA512
37ddba3ff6d4ea8437b442d22c7a9793cae6f20674edf955e8f0818ed406542ca29bde233b550fb8252efba4cd5195638a3eeb13fb0e07b9be1d7006f57cc1d0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
180KB

MD5
c18368e983da4c480c0d00337fda98ec

SHA1
0ba60bc4f643390979859a73247e7559db56a5b6

SHA256
dcf0ad6341e67a6de2353d20e74056fd17d815d08f73dd1db7732aa9ed6e8a7c

SHA512
47e4fa7ac2fc0fbef00c51e86754e844f7b8a0bcfbaae13444fc4194a45ad031422d4a9ba5e0ec33260c7a19daad99d42ef0afe86c7a22c2783fb83585cb3328

Download Submit