Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-06-2024 11:40
Static task
- static1
Behavioral task
- behavioral1
  Sample: 3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task
- behavioral2
  Sample: 3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
- Target: 3762da172002e778d48ae8959a69d260_NeikiAnalytics.exe
- Size: 89KB
- MD5: 3762da172002e778d48ae8959a69d260
- SHA1: 33cb5e6099880411b9e629e56cf88fa7171e1702
- SHA256: 4410da8a6e92916727b79dd2629f5eb24b75604f7487bf2cfba981389be06fff
- SHA512: a613cc1490ab899de37c469bfc65c64e34a0ebcd1ed4f1b7415f312f93c5cfb6ea1dfcb50954292d63e820406e3854860bbd26027cce1f8f0b157ea7c8feb9d8
- SSDEEP: 1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7tITcfNrRk7VP2DzpQAP2kTg:6e7WpP9oVLQthbYY9oVLQthbUrt7tIT1
Malware Config
Signatures
- Renames multiple (5196) files with added filename extension
  This suggests ransomware activity, i.e. encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
- Filesize: 89KB
  MD5: c101517e19b0ac8d05156012215b6d41
  SHA1: e948c0c757c747f96a467337f154277d00bfce7f
  SHA256: 878caeffb03fcaa8a052d92ad2c5c004e5c92802e6edebbe5d39057cf2c6db82
  SHA512: 35b0eafd02365dd18f585eeee59d196e7b17b542c70a8db79dffa533e072e17b447a83341672e0f69c2e3ba5da5f9f5b229834579128d271a0e503cc16bdee80
- Filesize: 188KB
  MD5: a06d9266a98e3f5748eada3b708c1093
  SHA1: 671eba720e9683000fb5d6bb12a26a6b68a886d2
  SHA256: fd815bba0d7fe320b82bf37d0926f7265c1ef378ddecd2d2226c62d3f85ad35d
  SHA512: 011e89138973a68e2808003633a4d406418e51d58ede0150e95d4f977323073bb229d7401e0bc5f0739dc72335ec05c7c9d63821c54d26a80be8b2b0bfe02eb3