Analysis
-
max time kernel
150s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
27/05/2024, 11:40
Static task
static1
Behavioral task
behavioral1
Sample
029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
029fdee291172faae67ad45d4541a520_NeikiAnalytics.exe
-
Size
43KB
-
MD5
029fdee291172faae67ad45d4541a520
-
SHA1
99bbdcc98e8c9497c457ffc36a24068040cbaad5
-
SHA256
01204386d084e6820be2f305f779634704dac91e51be36b843dbd44c6de5af97
-
SHA512
da5181e7442d78992ab1d44f8abda8eb6e5aa9f8c6aa251b558b56f11ec65d439db60a9cc21769612321a708fa1b15d74f1a37978be19055bec41c706e0c7ab8
-
SSDEEP
768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ0h:W7ZNLpApCZrt8PWGoPWGBJ0CJ0h
Malware Config
Signatures
-
Renames multiple (5028) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
43KB
MD5
bda38c72f33a17eb7e668d9ef3819321
SHA1
80ecc6fd4ff7524de1bafd2c5d42a4eaff4b11f2
SHA256
044610d5f0b92bedc1e34583c3e51b4cf18f51cf7b36ef83baa4e801426b53f1
SHA512
1880c2e4cf71255a1e6a86e28e8001c9d22aaafedec1b8a4dca749375bac4c313edf1b66547777048791fefa118bed90e56c0df6e0fb66ab6f6c1c22cfe4395f
-
Filesize
142KB
MD5
77514767c8d991949f17b91e8155b86a
SHA1
386ed36fb96dab548e72c7b87f89d0e32fd86b83
SHA256
266df762c5ac66594dbfbe61953828cbbd41ffa0aa9b7ff34fbe156572f1509f
SHA512
0168b05f70dd3f1182c16a744d5a7880181afbe00c333599cc5b1db2028a03d30a7537f126c0ecd4d9bd04c7544bdbdd13b388034912fd2a0dddab68bf210c5c