9db3293defce2f326d4a9757eb26e2c0f71b27a6aa2b8940fe77cf1806a848e9

Analysis

max time kernel
149s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
Size

72KB
MD5

30bab38ca28f5ace1a9da25c33caba40
SHA1

1a58588b6e7076a098a6b6e120c04d1cc722bc2e
SHA256

9db3293defce2f326d4a9757eb26e2c0f71b27a6aa2b8940fe77cf1806a848e9
SHA512

09190e9f5c0c1f8bf343a6fd7cc26893602843a000bc7e1be87d2faf1dde792841a7740097b633ed2f8cfe79185f1aacf3bead179be26056d7073aa40be84c90
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2FjJk9O7X7vX9O7X7vR:W7ZDpApYbWjCDOcJO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4830) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\EXCEL.VisualElementsManifest.xml.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-synch-l1-2-0.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ul-oob.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ppd.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\LICENSE.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationTypes.resources.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClient.resources.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul-oob.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MANIFEST.XML.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ul-oob.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\ucrtbase.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.tlb.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\currency.data.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-ppd.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WORD_WHATSNEW.XML.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\30bab38ca28f5ace1a9da25c33caba40_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
72KB

MD5
f4a24f6ea49784251b0882a88c44025c

SHA1
534dba0483ab4386494b6e08865c97a6d53c0a09

SHA256
6cf262c8702e343488f4b05c4d1bdb6e0a17b77ac68a1524cf6ac1c0f8bd4544

SHA512
b933589d2b26efd6396fc08b8ef04da9ff7926ba139c9e7d775bd30b79677cf007d279588eaff80577105672120d31916abe9bfff5dca9eb10bbb35996593f41

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
a7ad5231d992fbd7e59c2cbeb629d322

SHA1
2398b47029d790c3920963c60d98b5553d73e692

SHA256
e52308452a57909b4dda2a7f1053de292d4a7d4eb9bf01d72595970d1bbb6b64

SHA512
7cb7b9d73f97a3e7fcf01f7f08b3516f1211a3e1bc8024f928c5c3461b6191f54072e8976e72418a53d4d5c1715822fc47f339a62a78b77359dc02b4474009d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads