3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb

Analysis

max time kernel
29s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
Size

83KB
MD5

77773cb744ef106244a2949fb0648a90
SHA1

2c496ba644abdea863872c61780c919fb1fe3b00
SHA256

3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb
SHA512

eb29143649186fde75cf02caa66da1c32cfc989df437f7d9d70a6423830b23b4c3205635273fcbcce406bdc720d563160df999f56663a75f8ad8507445409cbf
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUO:69WpQE0zUO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (711) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\dotnet.exe.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ValueTuple.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.VisualC.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.FileSystem.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Thread.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.CodePages.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3386bc51d56d3b1efac1c47959f47b5ad853e92e049d098bd116de4a99a8accb_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
84KB

MD5
d20497761a329fbd54131aae63cf31b4

SHA1
a903b8307fee27d51b86cfcbd2a27ddae410c72f

SHA256
e27ab3d63ccc4ae4949d24f38d53973edd94966a032a7fe2e36fdf4eaa8849bf

SHA512
ec365eb86d859cacad2d96d440e9260b4c59687f82e93dc54b4b3acefb5c8c7f07f8c5378ab30a1ee2c3d36d13bd2ea3990720b95a5f49a8d495337d55fd4fdb

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
182KB

MD5
717b0018cc4a657190ba5467178fcda4

SHA1
9c42073d44090ea83a1ed61ff05aa6870741e4bf

SHA256
a3d9e36951ae662675beb312d3419267e0bbfcc43182848192232e23553e87b1

SHA512
fac29b6ab23b7c70936ea032e081023bc9b4b18cf29e5f5e26c06e69ef02f5305ebd332a59ef97685d8b748fbcbda70443d05af249bcea20f29eb1466f51e0f5

Download Submit