Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
12-06-2024 12:58
Behavioral task
behavioral1
Sample
3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe
-
Size
58KB
-
MD5
3c486b0bd2c230521b765c1a9dec85f0
-
SHA1
aacb222ead9f1103dcbd2dc17726a394966412a9
-
SHA256
268bd15510e938a11ad408ceac7355b1733778e93868dad54c011420e08ead44
-
SHA512
274b0786f6b53f45820c0f9f5b9aa069329626a6c95908d03481848e1bce940b1954486375f913711d53df8a95414aa35530626c2a9bf4d60ceacd227575d766
-
SSDEEP
1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsJOLK8:KQSohsUsUK8
Malware Config
Signatures
-
Renames multiple (5037) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Processes:
resource | yara_rule
behavioral2/memory/2728-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp | upx
C:\Program Files\7-Zip\7-zip.dll.tmp | upx
behavioral2/memory/2728-1086-0x0000000000400000-0x000000000040A000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
Downloads
-
Filesize
59KB
MD5 9f9c245e0ccb68d56d0ac34daf26876e
SHA1 ecf4576488615c931ec6166f828b0b51054c8dcf
SHA256 df09e4edbf948f4d82bc703271560994b690c90b82108ab9d2453683ea2f8a3b
SHA512 2f828022f3328d8cab5dbee42234cd916561f298ab6c98c4181b374dfd6b07fa6800e8f0a70a197da6edc25d9745fd2101ca36719da1a11e1a1ce0ee096d9cb4
-
Filesize
157KB
MD5 871acd5e897782359640aa4cb882071f
SHA1 f20cf9ac797542028e11c55a9ef5abe91f399470
SHA256 8645774ace845b893d7fc6b9318e294ceae3f8c8a522d9b76fd977cc051c20fc
SHA512 83a7575df15841542d136cc13c7b53bee36b1fb0bf575031159d56ea921e990e7ff05b03880af11ef0205a85ef14349073a80f2f16f340bcd2a60575af9a8885