Analysis
- max time kernel: 149s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-06-2024 14:04
Static task: static1
Behavioral task: behavioral1
  Sample: 4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
- Target: 4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe
- Size: 51KB
- MD5: 4050f1c57348b30e6c6b9913a3e41bd0
- SHA1: 5aae4eca1633bc22042098638c79e7b94cf7ed87
- SHA256: ba21be8c36799d80b4d123cd3e7fbacf92549a146b8f9ec451cb7683f0b808bd
- SHA512: eca09860bc6ae243ac571185e9cce8135744bb7ef30b6619d1a22c5e37065ea8cdf7fdb627d954cdcf9b9614d88d332c50a62db3229c9a478978d66cd046fa9f
- SSDEEP: 384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbN4meWpcccA40y4kMqre:W7BlpppARFbhWJQi04q4v
Malware Config
Signatures
- Renames multiple (5332) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
  Process: 4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe
  Description: File created (every IoC below is a file created by that process)
    C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ar.pak.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationFramework.resources.dll.tmp
    C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]
    C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp
    C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp
    C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx.tmp
    C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp
    C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-multibyte-l1-1-0.dll.tmp
    C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp32.msi.tmp
    C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODEXL.DLL.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.resources.dll.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp
    C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]
    C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp
    C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp
    C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp
    C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp
    C:\Program Files\7-Zip\Lang\ext.txt.tmp
    C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp
    C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png.tmp
    C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODATASERVICE.DLL.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp
    C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp
    C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp
    C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub.tmp
    C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-conio-l1-1-0.dll.tmp
    C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp
    C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ppd.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-pl.xrm-ms.tmp
    C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp
    C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp
    C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp
    C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\AssetLibrary.ico.tmp
    C:\Program Files\Java\jdk-1.8\README.html.tmp
    C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp
    C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp
    C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]
Processes
- C:\Users\Admin\AppData\Local\Temp\4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4050f1c57348b30e6c6b9913a3e41bd0_NeikiAnalytics.exe"
  Signatures: Drops file in Program Files directory
  PID: 1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4004,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
  PID: 2792
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 51KB
  MD5: 51d1962e5743070dac2504da3ead1b99
  SHA1: 6f531538fca0eccc65d0911b13dfbdd08415234a
  SHA256: ac8cce66fd576f9010c5bcf1b4bb66a4140df7a53a865cf85cb35764b959a2fa
  SHA512: 734f5424a1790ceb98fc4c88b0cb873159289415c01e4965db1d99390736d4e31fd11c87947b3238ef7d512fe08fced6ed56dc0110c5881d0facd8399db84d46
- Filesize: 164KB
  MD5: 88ba75d96eb530c72bc2eadc7795fe33
  SHA1: 97d325b25c56548b43eef3dd64a48033abbf36c8
  SHA256: a261b11f11b0c4f56594512bb9d05a17a13938e625820a434b0b2f82f5580335
  SHA512: 2b2afebe12227c88e043167f51fe426f963627f1426aab3ce3511a3d07bbae492780bd6d28969000d4b884e9f5923a247a16cbe59ca7e56380100f1127a9e2a5