c0d34aa0917452880e0fca8486ce432d4448421c1214eff7e91a489f3298e6f7

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
Size

129KB
MD5

5d3a538a0255332864dbdd02f3671e10
SHA1

f3df895adcb6aade06b91d4e5ef9edfceab1cb7b
SHA256

c0d34aa0917452880e0fca8486ce432d4448421c1214eff7e91a489f3298e6f7
SHA512

02f9774eb9f1d92e96c96dd6ba0a6d5feb39fc9a57099624f60a4c3dbe560d272f6df4f23fdf4624b8a2ae62a6853f3d4d631d5159254823f115bfdc721e7051
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBOF:/7ZQpApUsKiXBvzwvzXJvlwJvl/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4914) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL121.XML.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\icu.md.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\WindowsAccessBridge-64.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoia.exe.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\CLVWINTL.DLL.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClientSideProviders.resources.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ppd.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSL.TTF.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationUI.resources.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial5-ul-oob.xrm-ms.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp	5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5d3a538a0255332864dbdd02f3671e10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
129KB

MD5
1880a383b3f661148521351a3076e547

SHA1
c2282ac1a6f38f43fd023afbfecbf9ad817c195b

SHA256
6fbab2341924e8c3e41f9a9dd524968ef4f65200c8592d359c67ecb2c063abb8

SHA512
be21caada3c17fe420d3e6a91234d76d5f5cba6cc55479d79285f698349befbc1f640a685c1d5902f5dceca78465dc9cf425f884605e7f9b1cdcd39ba691a78a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
228KB

MD5
c90dfd6ed3d3f7363a7c01725385c65c

SHA1
2caa99ee059513de5e6fbb1e86c32bdc15eb172d

SHA256
e6477a932a6601edc976b489b41be9b0b9a1345b87457660bce51d6559d25b72

SHA512
d753ab744e42a0e2b02175306372d8fcdd5275e6db6ad6310f0fd5a6edbec69cd47b59116adeaa97d05ea6e950fd502a17a94c02dd9f1fac7a3697329ac3061d

Download Submit
memory/4612-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4612-1784-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads