Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
14-05-2024 17:49
Static task
static1
Behavioral task
behavioral1
Sample
03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
03ebeef887b6cfab8674ba1c4e117f80_NeikiAnalytics.exe
-
Size
96KB
-
MD5
03ebeef887b6cfab8674ba1c4e117f80
-
SHA1
93eb6e10e8b21f92df15278533cbc5bc9bf4206d
-
SHA256
690d213ad3c2eaea2db4d9747b773c94b306576e72ced522c79a60fd6a0bc219
-
SHA512
ff54ac1b8b7646a580c0e012c612fbc04374a28b91e8cd5b39d36133413d96765d5545cb0f5a96128dc004a8847dc71b986a8957ebcc0404325b9d9f15d6021e
-
SSDEEP
3072:6rWpcOPxPke+e3fFpsJOfFpsJbgEF7DMX:tFPxPke+eIJMX
Malware Config
Signatures
-
Renames multiple (5129) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads