Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
13-06-2024 01:14
Static task
static1
Behavioral task
behavioral1
Sample
52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
52eeee6142adcb7c8210798f75a98af0_NeikiAnalytics.exe
-
Size
46KB
-
MD5
52eeee6142adcb7c8210798f75a98af0
-
SHA1
31402526d9b292bae855573d0532ed73b42c757e
-
SHA256
8d2a709ee530d83c29424a279ab4a0c8e8beeb92af3b44a1be94232e6441e440
-
SHA512
ab7e6cd4cf002e4d845ad8f3396eea4027ee17884c94a6b67b9e7355754353751d2a8641b37901f4b8a3ef92a7fb70029821a3c5aee1a8bfb7de105eb14cb6db
-
SSDEEP
384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFt1zecDT1zecDR:W7BlpNLpARFbhblkYlkuvIYFWcDYcDR
Malware Config
Signatures
-
Renames multiple (5284) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads
-
C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
46KB
MD5
8f204f2f155ca37c92fa67ef291a6a8d
SHA1
0306d6b3378b9255827f2eb78e4e61740da0c67b
SHA256
607dd7c8089413e8dfde6565f821e5d9ee426315ea3b4f2a497745e23a4aa7a0
SHA512
01290e7eaa0e3294e2d521390e60c3fdbab330b36d2f16b3974df87d911b5805677bf3943b9184bbbc367df22aed2ec924c6a145175e30b4733fefc758c1ebd9
-
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
145KB
MD5
cc6113f0744e0263093f8876fa6fbb33
SHA1
025dd64c2cea045f7992fc018134bf622bab2507
SHA256
4a6c87d2894ec3f626fa31892375d89555a83f316fb4cd5932fd013345789d94
SHA512
1ca404c1dd1c031415b28dfeb1823ca730182aab907b942082e136f1ecb57c8e77489cf96abcf08199e5dff925181e930cb9b3555bb9ee11c58c0c38f7961f02