Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 01:09
Static task
static1
Behavioral task
behavioral1
Sample
52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
Target: 52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe
Size: 95KB
MD5: 52a5697ca490d084e2fd65912a926310
SHA1: 58d346e4a8680c1001936302c42496c823ff2ded
SHA256: 5817afa1e63a6c1a349fbb716af9f46906eec2186e15ec65e5816f7094f4aa3a
SHA512: 83cbc41470b4ec0301a6b94f70791c4eb5e4e615b476ac870fbd6db5b9bdaf9487c4a924c678211fd1d8f591fef05d8485f60c447d963ccc397a576cbb1bc0c3
SSDEEP: 1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/Waa1aar8p:6e7WpMaxeb0CYJ97lEYNR73e+eKZWaa0
Malware Config
Signatures
- Renames multiple (5183) files with added filename extension
  This suggests ransomware activity, encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
- C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
  Filesize: 96KB
  MD5: a07058f1aa22eccecf664d5636811f1b
  SHA1: 59005171f7ff21e6206b24629b47dea19f19a86c
  SHA256: c4db64ab0d6dcb855112fe93d2227e0e6b7a69ccb5a8bcb3601590d1b81a3597
  SHA512: c5b10855d7a21a6867c9e7c848e4da87e2b88986a2c0438fd8f4c95844bd2854e63521a1c6441d86c0efac989f2e6fca617bcb9f2ad6e48b02c40a510500c4dd
- C:\Program Files\7-Zip\7-zip.dll.tmp
  Filesize: 194KB
  MD5: b5a9e934f64a68963c6b00f4f0dc0d32
  SHA1: a9c58a462863f886909ce3f22b1d5b7ebf61d4fc
  SHA256: 8a509b1072ba3a4d3e7cecce95c25205e6b0c2dde2aa56c0ea1689765d5abbbd
  SHA512: 5e6388d5bb1c62502e366ba0d5b9f26f47f6326438fe0fcee3ce22165e9b3c643fe97d437e414ebbd19c132df5923953f456b47769f5477c36d5f261e10621b7