230063ed261d8d368af99a785d0fd549f5b34b6beb39960696007dcbe43fa4a2

Analysis

max time kernel
150s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
Size

63KB
MD5

38d23b268f6fc0e218fe3c5c45b99c10
SHA1

4aed656c3aca858ef46e829dbbdcfeae2974a9e9
SHA256

230063ed261d8d368af99a785d0fd549f5b34b6beb39960696007dcbe43fa4a2
SHA512

d9a4e3b75c8b6c22839d695cd97f3d4975590d23eae5c4cdaca68cf2ff659d3b5e669a41fc41f7832251f34d8caee0e42c4a5aa079cdbc5994bb35e5f48dbc5b
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaJjYJIJDYJIJJZwNq4vx5nd5nFK5c5ND/:W7ZDpApYbWjy0e+eaN1NdNc6/D/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5027) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TraceSource.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrgc.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.resources.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmuxmui.msi.16.en-us.xml.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.HttpUtility.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\profile.jfc.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7EN.dub.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationUI.resources.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClient.resources.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.HttpListener.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ppd.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.DiagnosticSource.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ppd.xrm-ms.tmp	38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\38d23b268f6fc0e218fe3c5c45b99c10_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
63KB

MD5
55d97166dbc7a149e29843c162b623ff

SHA1
18b0d68dcd6071cf6f07c59dfdd9c39055ab199e

SHA256
b4023831f6cf7b00e699135ca700c6bcc39d5311e89878c356e4ae09b7d146aa

SHA512
a83a7ca0e3f309c577cca0931b10779cd2a4c47958342751512779e6404f40229815b0cde8c73cd14eba860fe1a89efa54d93f9075293dc1a7a945bec21c4d12

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
162KB

MD5
2ad21089154186faf9521d6c8d3fb98c

SHA1
67998e11067e22c29dc8ef0fb74f809f4db5e4cf

SHA256
5c04e5faebff29926475d05c929e1fc07dbb08b0d9543a17ba7af99fd5da07fe

SHA512
64467c3952160dce5170ea8009f54aa5fcee524fa18c6c2015796dd06e0ac1c2c92a7f29ef88f2c09f4348eb45d6bcafcaddc4d63a02fbc30f12c93c1685b7a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads