Analysis
max time kernel: 149s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 00:52
Behavioral task: behavioral1
Sample: 16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 16d3aaf8c4dd2cf52b58b23843b11980_NeikiAnalytics.exe
Size: 118KB
MD5: 16d3aaf8c4dd2cf52b58b23843b11980
SHA1: 9e921ee6fbace34391a5fb95889b3a938ab19caf
SHA256: c1ca2383439b982a263918a75afe704e430864459854b05f6f31f3989d4641ca
SHA512: 2aa7af6bc4f6e5e4b3813ace1f58645207ed2887882555335b164019d713d3ee2de37ecceb411ed0e139a612508f67df15f790cb9d9661fb1c64f5ebf6350e9b
SSDEEP: 1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfli4:hfAIuZAIuYSMjoqtMHfhflixit
Malware Config
Signatures
Renames multiple (4659) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.

resource | yara_rule
behavioral2/memory/2108-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
behavioral2/files/0x0009000000023403-2.dat | upx
behavioral2/files/0x0009000000022979-6.dat | upx
behavioral2/memory/2108-802-0x0000000000400000-0x000000000040A000-memory.dmp | upx

Drops file in Program Files directory 64 IoCs
Downloads
Filesize: 118KB
MD5: a989f509a7185abb812e6d8cfa0d058f
SHA1: 862122b3ef3d1e2746ad204405a9441a58b0737e
SHA256: d962a8e2e8cc389e998f9dce1fcb5523ced0291950c23c69ddebaa685770a0b5
SHA512: 99c62dc9373cbcbb623d6ea4d7558abff2753b1eeccba56f1556edd3cfb66ccd3e48800ca4aa1ba0158acc8704d929dc4e588072c728b30d7c35530ec3d8f3f0

Filesize: 217KB
MD5: 8e9bd28208dee54b567ff0456ad05e77
SHA1: 40181a1f10274c695a5e7e05acb60fdc1606215a
SHA256: 12bab8c9129facd201ab2a36d5260c5c9a33d1b8b83e2b80367eaea670c28ff8
SHA512: 253fe428c895be521c92b52f253e43ea80ea3a9f78932245776b06a1238e17d0d4cf30c484e9c447c477158c8ac24f0ed876c2a4bca3e932023d73f969f038ff