Analysis
- max time kernel: 149s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-06-2024 11:53
Static task
static1
Behavioral task
behavioral1
Sample
3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe
-
Size
46KB
-
MD5
3860af987b6af9ccc546516ad39313f0
-
SHA1
6813aac990c4779eefbd944f99427755bde6d135
-
SHA256
db430c57d7285cf7f39b4246b47f385e565b5f94859bde11c2ab30ec31b1fcbf
-
SHA512
cdbce4772d03d81307855f60dd26a8df949d97924450245967b2324d87f1d6d214e230f87038d375f54a8b69bff095cd373c69443ce2e0c055a34b443f9a933b
-
SSDEEP
384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNj:W7BlpppARFbhWJQix
Malware Config
Signatures
-
Renames multiple (5191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs