Analysis
-
max time kernel
149s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
13-06-2024 01:55
Behavioral task
behavioral1
Sample
551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
551fcadaa9998c365de1331dc7df11a0_NeikiAnalytics.exe
-
Size
360KB
-
MD5
551fcadaa9998c365de1331dc7df11a0
-
SHA1
5172a064a1773cd17fc5168e9c1ad4b017984f48
-
SHA256
59377316bfe639e8d7505aaa2e8a9b13b753df2d3de2eb84acb6d0767ef640e1
-
SHA512
026543ace51216a8d11803807b6ea7657baf7035d0c2b0ef3d86ba11ba52ce601293c1377a16c641f9ec987ba04d0f989f120e3c54ead14d5886d47eae168f55
-
SSDEEP
6144:KiQSo1EZGtKgZGtK/CAIuZAIuMQSo1EZGtKgZGtK/CAIuZAIuj2x2a:VQtyZGtKgZGtK/CAIuZAIuMQtyZGtKg1
Malware Config
Signatures
-
Renames multiple (4310) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource / yara_rule
behavioral2/memory/2184-0-0x0000000000400000-0x000000000040B000-memory.dmp / upx
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp / upx
C:\Program Files\7-Zip\7-zip.dll.tmp / upx
behavioral2/memory/2184-1496-0x0000000000400000-0x000000000040B000-memory.dmp / upx
Drops file in Program Files directory 64 IoCs
Downloads
-
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
360KB
MD5 a615c9be5e688de9caf6786eb9a5c92f
SHA1 1d92c87eaf925ca632dbe90298a96387568370f6
SHA256 0212f4a2b3c49cd19cbd1fe9dea21bbfb4349ec41b15e35444fce2bbe4fa7a91
SHA512 aac7057d99f239adce3addcc0fa6df0c700abee0f5fc7d9c5c4d2949f5112b3650fd7b69813bb37199af200113aacb1e099c9bbd50f2308bdabaee68ee6e4b4f
-
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
459KB
MD5 88e4473e1c5c56c77e4157de092510f2
SHA1 b2d6874b3ca02e61bc15e5ea210218cd2763b554
SHA256 a4d11bac4b734a151b47ef04686ec9eec72430847b5baba3c3c9fe544514f979
SHA512 a7ed74469a52b34c4bb5f0c8c39fd957ab238f5b87ae9d8040ef31367eca5d48c90796888db8e614fd091f6e60cafa2ebab779e559a542e50486b860cddc71bc
-
memory/2184-0-0x0000000000400000-0x000000000040B000-memory.dmp
Filesize
44KB
-
memory/2184-1496-0x0000000000400000-0x000000000040B000-memory.dmp
Filesize
44KB