Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
12-06-2024 14:02
Behavioral task
behavioral1
Sample
4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
4027e344d6dc9112e8861bbb5af594c0_NeikiAnalytics.exe
-
Size
81KB
-
MD5
4027e344d6dc9112e8861bbb5af594c0
-
SHA1
d58d72c1bbcd341c9cab697fd63df37f64750e26
-
SHA256
d12f3c83685e2c8b3b8330992131c3e05d29f8d6d47f6ff27d43406a18992430
-
SHA512
bb2d37bd01841275541e29f307d4480617ca9236495a6442eb73b2153b6cfe86d589e45c2f46a042bf75b81f1ccaca117d311d2a001bbeefc9efc8ab05dd4ad3
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IH:fnyiQSohsUsWU9BK3H
Malware Config
Signatures
-
Renames multiple (5197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource yara_rule
behavioral2/memory/3452-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp upx
C:\Program Files\7-Zip\7-zip.dll.tmp upx
behavioral2/memory/3452-1910-0x0000000000400000-0x000000000040B000-memory.dmp upx -
Drops file in Program Files directory 64 IoCs
Processes:
Downloads
-
Filesize
81KB
MD5 9ff4a17ba54236273eebe29e9ea71692
SHA1 93f8650f41e42aee643cc1773ce3030b127ac576
SHA256 6784b1dd948b9c4355e1b06992a5237705240d8340b419f2339f0e390fb9e55d
SHA512 00adbd753c50a4dd85515e9bb1d52f7891c486fa138f4f2bc3d7c922d9a4bb70ff6a39fa0c6a823dca3c3c23ccc9e61656f5a5284b8652f1ed920987d1ba091c
-
Filesize
180KB
MD5 555b0c287cf3de01b3f037db5993059f
SHA1 b0a1943097d6d95c99461cda0eabd87c7f8a4463
SHA256 196c9c8cf8c9370626e8f9c4c5cc07e316270d64be2f3a478398f5075e6a45ec
SHA512 fb5428163cd9835a286211589619a02e5e87fd7c09809235ed035e6ee812d7dbdd4ddbf6d7a1574885b69939dfd07d81b44ed86a6d2873507e3b40cb07f23724