Analysis
max time kernel: 150s
max time network: 51s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-06-2024 12:23
Behavioral task: behavioral1
Sample: 3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe
Size: 354KB
MD5: 3a309989a547dfd36a3211bbfbffedb0
SHA1: 26f09356e322f12a53bd9d6a9e2d181a4be60b83
SHA256: 76c8b7dbfd5247e59ba6039111db50dff96a977e9e9f557fcc6290e2cf677321
SHA512: 38767803e43d113b8b02d316aa50071a700b102fba7e1deef83f43981781066a535baa1b2681cd3a620a4c2e49285492d20cec4b08df9baf96741be4a2ee767f
SSDEEP: 6144:KiQSo1EZGtKgZGtK/CAIuZAIuMQSo1EZGtKgZGtK/CAIuZAIuj2x2O:VQtyZGtKgZGtK/CAIuZAIuMQtyZGtKgB
Malware Config
Signatures
Renames multiple (4373) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
Processes:
resource | yara_rule
behavioral2/memory/3524-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp | upx
C:\Program Files\7-Zip\7-zip.dll.tmp | upx
behavioral2/memory/3524-1436-0x0000000000400000-0x000000000040B000-memory.dmp | upx
Drops file in Program Files directory 64 IoCs