Analysis
- max time kernel: 12s
- max time network: 93s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08/06/2024, 03:55
Static task: static1
Behavioral task: behavioral1
- Sample: 89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 89b4185b9a1ec003bb3b95a4dc3fd760_NeikiAnalytics.exe
- Size: 54KB
- MD5: 89b4185b9a1ec003bb3b95a4dc3fd760
- SHA1: 36b0a7c1708e5b80906b9888cd57a58d0ea422d5
- SHA256: 254d7796c618f88547f8ab7664dfbcf2f489e732a996921509866459d8a620bc
- SHA512: a321974a734cee10b3e600420109e9e92beccda8dd5087382065bec17f1b9485255193319f7ed5faa6365e3bf361356039ebd2190273f9015e13bb9385dd105f
- SSDEEP: 768:W7BlpNLpARFbhblkYlkuvIYFUJcJzEXBwzEXBwv:W7ZNLpApCZuvIY+JcJv
Signatures
- Renames multiple (341) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads