Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
15-05-2024 13:43
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
-
Size
82KB
-
MD5
d4b4584360cc1458d105e62a074f1380
-
SHA1
97e07a1ea29d8d0c2df446ca6efa1f49bdc716c3
-
SHA256
96b3f95f6baa718b87b212337129ebf8ac3d55a43abdc4afc7a3b83fbe93f248
-
SHA512
60e4f09c9e432f2016d57c7e3f63d7b24ad43b4ab1221549afcad5b4544c318a6f74c6195b83fbc12b1d5d0b825e31920cd2b6f190483830a5011719a2594416
-
SSDEEP
1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/ejJZJ6:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0z6
Score
9/10
Malware Config
Signatures
-
Renames multiple (5130) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QRYINT32.DLL.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\WordInterProviderRanker.bin.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Linq.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ppd.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\rsod\officemuiset.msi.16.en-us.boot.tree.dat.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.LEX.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\lib\net.properties.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-180.png.tmp d4b4584360cc1458d105e62a074f1380_NeikiAnalytics.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
82KB
MD58154363360d9d585d7a09083914d024c
SHA1d269d62b11c022a7d161dd78a7c12a41be55b8ed
SHA256c3daef613027dfa957f238b0da0d7ca0ac65d5eb93aa86d88ee2ad3ed6bf5c75
SHA51209c38cc73b5721956f4cf417d2be6cf7eeaa3990ded33beff07e867caae6b9d75970a99d251f1272538a3b3521071a07ac51d4eb82f5dc8e8f07955bc3713622
-
Filesize
181KB
MD5e1f9a228f2321490855499bb8175d804
SHA17a53473374280b91ee5fe2dd5555c2f5065e0246
SHA2561bb56bdf653e09fed2fb3576957380d5f08aae96a037f725782ba4c20686f356
SHA5120d207ad22f7c577b6d16d35b93dca2d48a0ba4cfaf38187acc6d8a2f226c336df8aaeac63c78cf2d11f2cdc18ae5b8da6acb0af80c1b60a9109a4a6ff5f2043e