34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3

Analysis

max time kernel
26s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
Size

49KB
MD5

e6c8cb6b69fdccd06d66c8b8fdce2670
SHA1

e44cdd808bd20f29216d281cf8ba1eb4a685fd28
SHA256

34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3
SHA512

59a55e7a094f79553310aaf10c05931176395e0cfbf8f3d9c9b1413ef109ac11aed1e763321f6b1d50ee4185b01023a37bb1830a20b28398a8b385c6a541009d
SSDEEP

384:yBs7Br5xjL8AgA71FbhvhwMF1XxXEh+v8WBApsBI63PBApsBI63xsm:/7BlpQpARFbhtF1XxXEhk8W/Bsm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\BlockUndo.M2T.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\34e00734ac67b7a70379961d4763fbc1e861039741c5bbb764b43ce8dd990fc3_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2424

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
49KB

MD5
906ac6c0bf25ec4fa06b86eafd22cd91

SHA1
068bca825e49573f4dafcb5215b31349f6f6c2e0

SHA256
f5381aaa67b817a5536c02b223b499b195452ea152f357a3eb3952358e6de426

SHA512
f0e2b7bed82049cd0955143d856a56057ed98b053bbe09c61b19940c11152ef39005600c0bf99e42ddc577ce66fbea5f3702ca4368213c95498eb23ee634cd37

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
58KB

MD5
6b1ef0e14d230e79d561f68796384ce8

SHA1
86b35da12bf4b671891d4e0e88e0c24837af88dc

SHA256
5e5f4ad779916af5b3c7e0446907595c623b34bea5e51a6be49d7659c3ee087f

SHA512
b5171250206106ac4b61b9355215297efe90ff3366f7bd999a299580128e72d430354571ae4c971e073ff3bde4a8c1e217b115b4e6933e8ca923be3c27330139

Download Submit
memory/2424-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2424-182-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads