Analysis
- max time kernel: 149s
- max time network: 51s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-06-2024 13:37
Static task: static1
Behavioral task: behavioral1
- Sample: 3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe
- Size: 52KB
- MD5: 3eb0e8e9b1ad24ccb8f9b348febaffb0
- SHA1: fe2888ca6768395803cf398b93915dd4043c3a8a
- SHA256: 51b4f7913eaea29ed20a8417033299fbb48ea3fd82303f1b08feb2d0633c7bed
- SHA512: 05627f8343dd4dbceeae985f83839def8370308a120f884f352b7c5d50f8118c4d6a8c5598884d72d9f3fe17d327af3e038f60333f89a72586eb6dfd16fc145e
- SSDEEP: 768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcBF:/7ZQpApze+eJfFpsJOfFpsJ+F
Signatures
- Renames multiple (5187) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)