38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9

Analysis

max time kernel
149s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
Size

37KB
MD5

5e4cfc7659d0bd94d5751e0ad85db950
SHA1

9105e7e73aa2b98dd785855fba142468ff016152
SHA256

38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9
SHA512

d21dffaa6d1c2e24245a4d577d5fe623f5c4f8a6357afa0bed38a47823e727ed761e3defb5ece1399ad65c6c519dd3caf733efe3329b924213ee4b579a95fba5
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrq9q4+:W7BlpppARFbhknrl

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5190) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ul-oob.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICBI.TTF.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.FileSystem.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_d3d.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Microsoft.Office.PolicyTips.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.resources.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Primitives.resources.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoCanary.png.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\rsod\dcfmui.msi.16.en-us.tree.dat.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Input.Manipulations.resources.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ppd.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp	38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\38d71330ccd1c2305dd8e89cb16d451fb77ed19fd884d416e4bcbe7adad9f1b9_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp
Filesize
37KB

MD5
b4bfff7622d8aa9e23e3009b37583807

SHA1
3290bc7375a6c72051b11b619218cd129490964d

SHA256
736c38eb39982c5f3772f9fed2ac7214f07dd74b6fa2769631f22b4d5a8ac4ff

SHA512
b6e96a8248cc1d1be8506c3820a944e76710b560f0ecd943ea6b295fd43fa65733d0b6a1471fd0b0f4398071d59b658d640b43d9b5d2044e8bfef68f41955460

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
136KB

MD5
a59fba2efdbd41193ebe07b7a94cd718

SHA1
c07309ff00cef95c4938813fee8f9793fa715926

SHA256
bed0394eca91dd2945fed3157d66116a0e0078ebfcd2b6840aa2408de77834f1

SHA512
e85c4e34c3cae327de7de054d6f52627ebacf58d3a66ef46ad28639c1519e0c4cc6b989a525bb77864c7edaddf68e6adea7e8b3e99506833bfd53e48b8144362

Download Submit