33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52

Analysis

max time kernel
110s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
Size

46KB
MD5

fca6fba96ffd93021b6b758a9e970250
SHA1

88c94d758b2d7f1070f4d3158ec82ab8f7ef7510
SHA256

33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52
SHA512

b339888ddccaafcc84d8e107639ee58600417ea23a714cfa0fc2112044df1fcf40c7d76f88bb1ecac37b7e12d0ae0bd7598d4900431f40b14deb00c2fd36164f
SSDEEP

768:W7BlpppARFbhbt7Y7FoICOiJfoICOiJQ444ZqcjXY/IjXY/rL7:W7ZppApWmjXWY/IY/r

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4437) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\uk-UA\ieinstal.exe.mui.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ppd.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationUI.resources.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TraceSource.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ul-oob.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.OLE.Interop.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLISTI.DLL.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\msquic.dll.tmp	33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\33a13c709b8c2bcb8f03d10f39bbe25a46ff74825c01470db0135e1da6920b52_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:792

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
46KB

MD5
50016de89383e9b81d28a921d4358a62

SHA1
c2e03570dd95633b5a01c458010ec19f86eaaf49

SHA256
b103eb5d4d7406fabb6fcd3f76b48ea593324d9a5898e09c54fce3d5331349eb

SHA512
10c16b1961753581b4f161f54778617e5a8234175d1e46b21eca5d41638949fa43b22a8f0c6e73195c466b848b31762a70c0801953892fec9e51aee8602b28a5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
145KB

MD5
464865e21ba26a3f36492e1ea004e66e

SHA1
8a0e0e1b309195a6bee269738635fbd1324ce3a8

SHA256
a4c4ed6a62c0efa7ac8f0c1dc8b764ee8fbf55ba64d9eb3137ac5018a96bf82d

SHA512
feff03f4ea5c1c193f9943942e99e1adc2af3a8c67920018ce9fe2dd238afad44503d07c7cdfa748c8bb47e39cdc4b31f4b447aa784a55b39c3f7aa998c4ea7a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads