Analysis
- max time kernel: 149s
- max time network: 100s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-06-2024 12:03
Static task
static1
Behavioral task
behavioral1
Sample
a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe
-
Size
99KB
-
MD5
a2bbb491635c8db0e30ad050e4c87a30
-
SHA1
8ffe7347c8fc3261ca72b85d7f6d9ea6edde92ab
-
SHA256
a97140f20071a9ba268b8c445424f14e97f5533a811fa2104db6e748ea5e329d
-
SHA512
71f2b126bc5b0bacba9ac601503e0faba61ce3e9a0794a237e903a1ea1bd115909917bc04dec67cef6f8793ba90b877c98d9ac8109eb875484f4c474b70b4841
-
SSDEEP
1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNcpo:6rWpcOPxPke+e3fFpsJOfFpsJbgEd
Malware Config
Signatures
-
Renames multiple (4832) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
99KB
-
Filesize
198KB