Analysis
max time kernel
149s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted
11-06-2024 01:25
Static task
static1
Behavioral task
behavioral1
Sample
228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
228d68ede681b88ced45a5aa80f9bc70_NeikiAnalytics.exe
-
Size
50KB
-
MD5
228d68ede681b88ced45a5aa80f9bc70
-
SHA1
b63b965e942e3c5a455ae63c62907c749e539452
-
SHA256
94aa84f8868c55d951e21781e20850ca58f305b1fc5ac7297bd6e37625066b76
-
SHA512
dda89ecd913a62add29c4aa787aeedd7bec6bd7fde497009436fac69fa490434a7d70807835ba7fab497b5c501dcbf60cba3db67973fe428c8b4b25aa1e97875
-
SSDEEP
768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcH:/7ZQpApze+eJfFpsJOfFpsJq
Malware Config
Signatures
-
Renames multiple (5192) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads