Analysis
-
max time kernel
23s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
08/06/2024, 05:43
Static task
static1
Behavioral task
behavioral1
Sample
9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
9149b7dbb0aa39c40ac0aed171954020_NeikiAnalytics.exe
-
Size
132KB
-
MD5
9149b7dbb0aa39c40ac0aed171954020
-
SHA1
dedbf080fcf8478202a0f68f868d5fd86922bdbf
-
SHA256
67f11bd5eb19334f40c0f8f7c2cccdf09d57203c0ad9fc3034e6f894bb8b5936
-
SHA512
c51e9a32c7187716a43993df4d81a68ab2116d1004495cf1d90c7cbfd28e591ccdf121dbb8663bbcf36e99728e7d5afba18b216d8c409019ccc4dd607d2eef88
-
SSDEEP
1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOMrTm/UZXyNj1tyOTuw2llbh/MKHjNHkqwZ2g:6e7WpXYvnO6/Ulysw2llbOKHbLAt
Malware Config
Signatures
-
Renames multiple (623) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
132KB
MD5
9741e40dbb64cdfebe6858576b2b637c
SHA1
88d5f87d4c9810957f4e0fc413eb9d6bd384928b
SHA256
c2f18575befd0a46e15f1e5ded5869304f1b212425c9d01af68f437118857232
SHA512
7c6c887b5d7c11ba9c758064290cfd694e06a4b14e08cf33898648b168d966fbdd6bb071da3e942702bea04a6fb772430a5380d97c85667009ea463b8e4fe318
-
Filesize
231KB
MD5
11aa79183bcee9b194fdb646ec582631
SHA1
04bc36df339e5e79f5e5910afd22261bcedadd48
SHA256
5cd2bb81ce9efc368513f164a706cf446f88b3fe1414d54c4bc91bbfec45de69
SHA512
9066d758cc6b3906aa225acd9c5c6816559354c4dba86d9fca38f0c066c932212c27eab75cb9f34f6087bca96fffc6ce6b3846ff76fb12b1ed7fa39a2abe5c35