381dac1fd7bf2ec8ef7f22eb50553b06c8faf2efa7b1910095de15580552314d

Resubmissions

01/06/2024, 11:55

240601-n3e8wsce36 9

01/06/2024, 11:53

240601-n2ldhscd95 9

01/06/2024, 11:50

240601-nzzs5acd62 9

Analysis

max time kernel
149s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
Size

95KB
MD5

6a3fa042f98c5e544498061ab114ad00
SHA1

c1993ed23957cb7ccaeab0ca9d8350fc14e417c5
SHA256

381dac1fd7bf2ec8ef7f22eb50553b06c8faf2efa7b1910095de15580552314d
SHA512

13ad88338f4c207374bddd0f227dfa0b9b33596a1f96e0c3143e3840fd2d3d73a1837bbac2ec6b628b0a1f6ae76e54e5c63f94cfd4e170f7c3ce5199cd6eddc7
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Waa1aar89JAJ4:6e7WpMaxeb0CYJ97lEYNR73e+eKZWaaO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4678) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ppd.xrm-ms.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\zip.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-phn.xrm-ms.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlDocument.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jjs.exe.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOARIA.DLL.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\splashscreen.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TAG.XSL.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp	6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a3fa042f98c5e544498061ab114ad00_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:1720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
95KB

MD5
a13cdae21fd9415cbe4e1e9322dff572

SHA1
649f13a4599611ed621631c6de698647da39fa1a

SHA256
a74584244b7c95148870715e3cc4a0beaac45a603f6c0ac549e0fb06c03c4ef8

SHA512
d7f072cf9c5dfec11cb6698063af3f860d608959a43fec2629afa51c2d4429b45347d62dcccb4e6cc4c2216c74ae827781939e216386869665df6a812ee1dd1a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
194KB

MD5
9da44b3f92373e23977b2c9d83afec80

SHA1
7940c807995cb95cadce751d79404591e7b76e35

SHA256
a00e93a6130db57c98989e693c577a2f98a1215b1eb0b407451d89e48d615505

SHA512
3118b1519426a031f03e9367eace2889778ef18b023c1dadef71297d15098f46e9db8bf28114a7c6ae104393fd4926e6ed4023a934d009f3145f0d57e80f5de6

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads