Analysis
-
max time kernel
150s
-
max time network
149s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
-
submitted
08/06/2024, 03:35
Behavioral task
behavioral1
Sample
8830a75d4734c153cf60d0ccf56b85e0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8830a75d4734c153cf60d0ccf56b85e0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
8830a75d4734c153cf60d0ccf56b85e0_NeikiAnalytics.exe
-
Size
1.4MB
-
MD5
8830a75d4734c153cf60d0ccf56b85e0
-
SHA1
918c57e4fb0c3e0d14bb247498c0851ee6361672
-
SHA256
112f5e2db80deefe0ff4cd6b533e35d86583215da9fa9ba3022720becc9fcfd4
-
SHA512
8fa663eec63b1407fa7dfd759f49728395549fd0db0b6308169017618b3231fa025bdb77cd4acb9716c2683cd45ce04c7c1f64f5e192ca51bef8f161fd113c7d
-
SSDEEP
1536:V7Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSC2:fnymCAIuZAIuYSMjoqtMHfhfagT
Malware Config
Signatures
-
Renames multiple (1897) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral2/memory/1288-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral2/files/0x000700000002328e-2.dat upx
behavioral2/files/0x0008000000022970-6.dat upx
behavioral2/memory/1288-732-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Downloads
-
Filesize
1.4MB
MD5 d34eb5b8d501896aa3ab1778bfc9936b
SHA1 6287de83821630542ea79c75ff0c45441f9848af
SHA256 6eca086f8cda9ba59b6e77aec92fd2ce283d72a01162dc78dbf3b6505e70f57c
SHA512 48f12a86b5876d925e5fd09697c1eed67a9d7f89e308ddba5ba528c1a65fdb73f988cecb86493ec9462563d18504c039c5d8805f074310546f94f57df833f96f
-
Filesize
1.5MB
MD5 b3b8c4d776cdc6aaa6cb083341ea7559
SHA1 e00151421595282d0164e6dac7ffbc6f1070a9b9
SHA256 0d99956efe3bb460eba5dd89eeb8653ebb2ff94ddac3f92fd7bbac2fe60e3251
SHA512 64b30438ab3b01222d09bbce72027127cb24df05c3c8b39d35301a642aea4b01dfce270f0f8a20c962cca0137b02f8dc5cb7031b20fe09b6263a6f2e61ca4d40