8c364c2bbedbcf20b3f16e7e241bf951ef594529b80f57d51ad73700880079ea

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
Size

117KB
MD5

3e57b3a972705de0c9441260abdcbbe0
SHA1

55606894f151b24a1e546eb00772b0cd8fd8aece
SHA256

8c364c2bbedbcf20b3f16e7e241bf951ef594529b80f57d51ad73700880079ea
SHA512

1134a66ebd2b9c1d9f393181333a5a8fd29efd6fbc2526fd512d513d108e2f071802abf3a2e8cd0008c2047949e71ca1f4ee8449a4b547e463536c10e350a09d
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c58:/7ZQpApUsKiX26S

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4537) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul-oob.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationUI.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-pl.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\net.properties.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\IFDPINTL.DLL.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-100.png.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationFramework.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-pl.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\meta-index.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationTypes.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp	3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3e57b3a972705de0c9441260abdcbbe0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
117KB

MD5
322535e40c758a94292d77eff4548a1d

SHA1
cc915377cbca23f322b87a28f2f0ef71a112273e

SHA256
429378f59005abab6d7100476e9fec60ef260e312eaafd27e0e8c5f3d78f10fd

SHA512
f15c2e3f88addb280987af6673ca0046fd8fbe3988eb4c01edb1f3aabe028609f6844e2f6b3e71323dd1edafff076fe9f99f89accea100e95b7be1fab4facd61

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
216KB

MD5
4e74556db0e633e93150ff0a4e6618d1

SHA1
1e4b92307eefdc1a889ca979ca33919c2015b555

SHA256
3873b6754be4bf17d2bd8927c3f91408f2288292386bee8475e93e983d30dd4e

SHA512
39bc85b2fd843ff8b2e33574e2e8dacc9569627491f73cfb25da7c910ebdea322361aa2e74316daf61980873cbbacd75201ad27b2ddf17aea64049cfa64e62b6

Download Submit
memory/5112-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5112-1578-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads