Analysis
-
max time kernel
150s
-
max time network
130s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240426-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
-
submitted
11-06-2024 00:05
Static task
static1
Behavioral task
behavioral1
Sample
2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe
-
Size
74KB
-
MD5
2021d29e64c53d9daca87df8ce71d9e0
-
SHA1
80dcef20b1a8d39647a4ddf96cde7d040cc7b876
-
SHA256
d3bab3c59656f139de8430700d29bc64b1cd2ffd3addd7fa76d3a84743eb1835
-
SHA512
e573b184bb93a59a60ed7da20dadbbf66b23684400be028569c9d7d8b2ece233dbbf7062d613bc8ed89aa017a28abf57e0cf88d573d004c6f859a6a78c68984f
-
SSDEEP
1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m69M:6e7WpP9oVLQthbYY9oVLQthbUrt7t5mh
Malware Config
Signatures
-
Renames multiple (5163) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
Downloads
-
Filesize
75KB
MD5
2d16cf1783b19a65ce4553d54df9c43e
SHA1
d3f834850ba9d1199876e322bad1f6f73342224b
SHA256
e75e7a93e85fe9ba5952142b9bbf3b83414a5ad6998b4e27b2d0913661cdedc8
SHA512
c3b686dd7e3bf8290d79d96d08c6d530fa2a2570ad19f9f69dc9b0f62db2185f3aa59cedd0f59be95cd6db6b9033a5ed92836f8a683d78efe8777f239d202335
-
Filesize
173KB
MD5
7c6d2e21e570aad38ff0a753f175b918
SHA1
3a5df7baac98aca66562fc32fa58fc86e902e5e1
SHA256
0fd4d66147cfd254aced8b9725bac4c9a032197db62e7e364dd9f4b33dd80d59
SHA512
3dc1e2d3dbf19229595de11b51ae4990d109c7af70e7fbad470533b86ffea7acf35cfec832b3475229565b4c0f01920c3bb0443ecc6573cbc98a7a1da3ddde7a