3f8092cab4f5dc60f0d03094b9fa591082cbd9429e3916d634a5eb1fb5dd5a3b

Analysis

max time kernel
150s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
Size

130KB
MD5

3d2f10d1ef82bdf3e83ca1e071d49280
SHA1

7a4e689000c2438f48af0675a93be63915657134
SHA256

3f8092cab4f5dc60f0d03094b9fa591082cbd9429e3916d634a5eb1fb5dd5a3b
SHA512

9c2adbaea73869fe28f2ff12144eb4498b79c4a8eb6014f26020dc843536177c3dd9c2c6f93285b0a1b7f5cedd0753815712c69eb61eea0d0df3a9c51760f4cc
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXB85c50KPKJ7g:/7ZQpApUsKiX26KaP

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4742) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-oob.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMePowerPoint.nrr.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Extensions.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-BR.pak.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-pl.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-private-l1-1-0.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_sw.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscordaccore.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-phn.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationTypes.resources.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\javacpl.exe.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\DBGHELP.DLL.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb.tmp	3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3d2f10d1ef82bdf3e83ca1e071d49280_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
131KB

MD5
9ad5a9444741417f0520a33a502d387e

SHA1
139da48a23d6353c51ab513b4f18888219fa24c2

SHA256
1145c95b96c3c349d05e4c886e3402d8f18e156a79c67c6ed852efc9f023aaeb

SHA512
b04a8f37006ebf444f3eb5365771bf163feb04bb0461f5645486d78203f584cd0519bfaa2fff8120002b1056c1a0876918d8edda3ed09324a38402200c20559d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
229KB

MD5
0106ae434c7f06e18d7a946c1d4b6d57

SHA1
da04802e1fe78725963464894b74af8a32f4ffaf

SHA256
29c71727c59e834ec1def9eb6d17a33f8002358f9f21d015e01ee218d38584e4

SHA512
27f809aeba6687a5f970994647e41d0b80fafdccd8352dfd69bcb83783a4f5bbab7eda59fb3b3349939ac861399232b118c1cf507ba9bf6ac238cb9b16eddeeb

Download Submit
memory/1124-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1124-1720-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads