Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-06-2024 01:37
Behavioral task: behavioral1
Sample: 22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
General
Target: 22d001ca6de9e806b59e823e4a9e7f00_NeikiAnalytics.exe
Size: 189KB
MD5: 22d001ca6de9e806b59e823e4a9e7f00
SHA1: 6d0d0a7b5fc8163d34810d0feb48ea96aa2cc654
SHA256: a9ec5f60030890abad4fb262031be79e7ca207d65477e844651025445e1a1174
SHA512: 1c6d0ca10cd91baac64028e78029d1f88d191f9cca5765fb881ffdf9e06b463aff70cb667df75ced6b4ad38ad15d46cf1327655418867065f53533c1cc9b832d
SSDEEP: 3072:fnyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuV:KiQSo1EZGtKgZGtK/CAIuZAIuV
Malware Config
Signatures
- Renames multiple (4672) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- resource    yara_rule
  behavioral2/memory/1532-0-0x0000000000400000-0x000000000040B000-memory.dmp    upx
  behavioral2/files/0x0006000000022fa8-2.dat    upx
  behavioral2/files/0x00080000000229db-6.dat    upx
  behavioral2/memory/1532-1602-0x0000000000400000-0x000000000040B000-memory.dmp    upx
- Drops file in Program Files directory (64 IoCs)
Downloads