Analysis
max time kernel: 150s
max time network: 122s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-06-2024 13:11
Behavioral task: behavioral1
Sample: 3d214e95757a3f4b87ff3606e29fa7d0_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 3d214e95757a3f4b87ff3606e29fa7d0_NeikiAnalytics.exe
Resource: win10v2004-20240611-en
General
Target: 3d214e95757a3f4b87ff3606e29fa7d0_NeikiAnalytics.exe
Size: 135KB
MD5: 3d214e95757a3f4b87ff3606e29fa7d0
SHA1: 353ccdb27247eb7a4add1ba74e6b473e9392e340
SHA256: 438d333b469329c7cf4ea3540cb28fa8a844c897c2275666f0df89e7cec66e0d
SHA512: b866aa408270c08953f7e021e35aecd40c3ebe68a0d8a92c333abe7ceaeea759f0b5d0e1572dc3e4acc55449bae36d3a5c81b680e64e241f2af2fb50d17e8c67
SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsJOLKPTWn1++PJHJXA/OsIZfzc3/0:fnyiQSohsUsUK7QSohsUsUK0
Malware Config
Signatures
Renames multiple (4863) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Processes:
resource  yara_rule
behavioral2/memory/4856-0-0x0000000000400000-0x000000000040B000-memory.dmp  upx
C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp  upx
C:\Program Files\7-Zip\7-zip.dll.exe  upx
behavioral2/memory/4856-1778-0x0000000000400000-0x000000000040B000-memory.dmp  upx
Drops file in Program Files directory 64 IoCs
Downloads
Filesize: 135KB
Filesize: 234KB