Analysis
- max time kernel: 150s
- max time network: 51s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-06-2024 11:56
Behavioral task: behavioral1
- Sample: 389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe
- Size: 85KB
- MD5: 389a1e6b4c0167a1cc9169ad5a8e7ff0
- SHA1: c557a5cd0087c08846f31ea9013a67fc30381f80
- SHA256: 36fe7f45211e220a4d5bc40b020c368da3cfd673ac32d566e2126f1ea9927597
- SHA512: c67579ca2d9911128d4279273bd4985654fa56d0761430893590ebb62ec9937e35efe15b993c3e1ed0864f5703d43f0fad018092427fe7601d4f14435762896b
- SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IZZG:fnyiQSohsUsWU9BK3K
Malware Config
Signatures
- Renames multiple (5180) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Processes (yara rule hits):
  resource | yara_rule
  behavioral2/memory/1932-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
  C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp | upx
  C:\Program Files\7-Zip\7-zip.dll.tmp | upx
  behavioral2/memory/1932-1924-0x0000000000400000-0x000000000040B000-memory.dmp | upx
- Drops file in Program Files directory (64 IoCs)