Analysis
- max time kernel: 149s
- max time network: 95s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/06/2024, 03:52
Behavioral task
behavioral1
Sample
89766a2b7fa79503419eeca699ba5740_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
89766a2b7fa79503419eeca699ba5740_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
89766a2b7fa79503419eeca699ba5740_NeikiAnalytics.exe
-
Size
198KB
-
MD5
89766a2b7fa79503419eeca699ba5740
-
SHA1
da087144fbffd9084ceba7d80f2a523579179d01
-
SHA256
0215f5b768f6cf46004bf051390d9cfcc4a8150102169b52ab97380c838e4f6a
-
SHA512
3f36399bcb287fbc443e6702900a18154f9b15a46c5f15cb5028f8f3e33cfa3e2fe2fd56682b6d892a5782df2fb4ddfee0d33530b8f3a1a19fed03f6873fa4b6
-
SSDEEP
1536:V7Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCR:fnymCAIuZAIuYSMjoqtMHfhfagqYje
Malware Config
Signatures
-
Renames multiple (4652) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral2/memory/1584-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral2/files/0x00090000000226f2-2.dat upx
behavioral2/files/0x0007000000022983-6.dat upx
behavioral2/memory/1584-1596-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs