398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117

Analysis

max time kernel
150s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
Size

51KB
MD5

f7011272e14703dd14e9f4b1895d4ed0
SHA1

0e030ccdf30d3d25d37d20636bed9f6d7552cc5d
SHA256

398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117
SHA512

597c8ddcaf294a93426cbecf5195bc713c57b6875e830ab6f2505ef4061a762ac71460edb35d52750eb8932e04823cf47aaa8f42d885035f3809bc5f291d81e1
SSDEEP

384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHsi3:W7BlpNLpARFbhblkYlkuvIYFdi

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5275) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Input.Manipulations.resources.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-phn.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GARAIT.TTF.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\README.txt.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-pl.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-pl.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable.png.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Xml.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Process.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\PresentationCore.resources.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.AccessControl.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Extensions.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL020.XML.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ppd.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest.tmp	398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\398486cff13d9fe5943c1e122391a3c181a386a3ce9a5099bd3a9ad34f6a3117_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
51KB

MD5
60592f9b0c37b8f938316465d64d7cfe

SHA1
8b4a9d1bb7500b67cf8abf0d03cd1f29120f7654

SHA256
72905dbf0697e4bf817aa9d0948fc5ab60efa6bb406e9928e59c39908df5c866

SHA512
c63d675120d722145d1f385f26298fcd3403ebb8c2ce53b4c27a8b5e24db9979be264e2750db2f6ba6d08a58c2ddbd1873dd9ed439a8146ef88aa71f721d4c31

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
150KB

MD5
3fff72a45c62435245c7da0091d1420d

SHA1
6a8d6cceb8910c117e63b7247d32b6bfc6409eac

SHA256
43876e170a0e05b1810fdc713a4eed372ce6e3e95c6669c2db37bdb465726961

SHA512
ad89714ac0428a497c634011d9cebccdb74196ab38cd0969a7c1f4aff973293b274e4158bb7665fd08bac257846c1ee459011febc46b4c98c86aebf44e8fea0a

Download Submit