08f9c429f6a6b054afcdeecc8980647df6d054a12bea5020e74f74473f3923eb

Analysis

max time kernel
149s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
Size

94KB
MD5

30d3148e04a2d2a07a00e145dff86490
SHA1

cb34195b5d0ef6aa47cbb9de1b90769e61867d42
SHA256

08f9c429f6a6b054afcdeecc8980647df6d054a12bea5020e74f74473f3923eb
SHA512

107843d9a62d6a3bbdeab8188562463de8dae1bebbb0d2067d53547aaedfee37ed8a3ec2701604887b3bf590417ba70b995cdda53d4e8b227a6b8eab1bd4c589
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/qEc:6e7WpMaxeb0CYJ97lEYNR73e+eKZG

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4814) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lv.pak.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.DiagnosticSource.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnvpxy.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MML2OMML.XSL.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_200_percent.pak.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ct.sym.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ar.pak.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Marquee.xml.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL104.XML.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-phn.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\dbgshim.dll.tmp	30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\30d3148e04a2d2a07a00e145dff86490_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

Filesize
94KB

MD5
64d53b79fde51cb0eb80dbf4aa462cb6

SHA1
4246ae7c0c7dc8c557cdcf1313541d4b1c0194aa

SHA256
1baac0215fe64fc1301e3e22545809193fda255edabd73071aa52395d0a44675

SHA512
64c3d352ae8fba6716a9cd82a95292a93f6e23044823c03554e08afe7d1fd0e8bda4466d58c616c89ba0403bc7b8df87ad1d0d249741cf7bd5a569edd1ee0848

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
193KB

MD5
b23019872be175ab865ebc3aae4423bd

SHA1
9bf9d4de64c8c8b9d3467111d9b9e6cd76ebb25a

SHA256
3cbb35044da596c24d251d8421bbad98ec2dd389a89389104d4992ef101543f2

SHA512
e35a7f97d56981b6f16622d30efe7b600402e832180d26023e04743dea5d9aad2c380629fb20acee0799b0415a42e189d6d48864c671a74c4848e1226304f697

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads