Analysis
-
max time kernel
150s
-
max time network
150s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
12-06-2024 11:59
Static task
static1
Behavioral task
behavioral1
Sample
38d6bcab6dec1fa22c52b26cacfc51a0_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
38d6bcab6dec1fa22c52b26cacfc51a0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
38d6bcab6dec1fa22c52b26cacfc51a0_NeikiAnalytics.exe
-
Size
87KB
-
MD5
38d6bcab6dec1fa22c52b26cacfc51a0
-
SHA1
047b432af808bbb602829e64d9b051274262fe78
-
SHA256
6849be6c15cc526cadb7dd55cbd72993b357faef5c03fafe3252f9c4219c432b
-
SHA512
91e41520ef672278545b8b1c51447542a46f15fd3ba3570d9060c4bf2eeafd01afed24356a06017158b5e6621da43ed28758db7a85843ab881b93f78101ea7b0
-
SSDEEP
1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6b+W+V76RbUkP:6e7WpP9oVLQthbYY9oVLQthbUv1kP
Malware Config
Signatures
-
Renames multiple (5200) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
Downloads