Analysis
-
max time kernel
150s
-
max time network
94s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240426-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
08/06/2024, 02:33
Static task
static1
Behavioral task
behavioral1
Sample
843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
843480470fed5b86d265b2d870e7f1c0_NeikiAnalytics.exe
-
Size
73KB
-
MD5
843480470fed5b86d265b2d870e7f1c0
-
SHA1
7bd5c5f4b4596b0977baa6cf5650fb5484675c4b
-
SHA256
88b798c89aa7465de3a0ed03b2a12a56acb415dbe56f535cb16a16d2e4aa680c
-
SHA512
84e05d47ae6955e59caee32b3caa121000041ab0d2c5f7f11f3b7258d1b24f0e9055678ae32c340302c716b23315e2548e83209ccde6abbba00522e28c7a95f7
-
SSDEEP
1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEht:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsE
Malware Config
Signatures
-
Renames multiple (5167) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads