Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
13-06-2024 01:58
Behavioral task
behavioral1
Sample
55605ac9c54d8bd0e85343c0f3492980_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
55605ac9c54d8bd0e85343c0f3492980_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
55605ac9c54d8bd0e85343c0f3492980_NeikiAnalytics.exe
-
Size
176KB
-
MD5
55605ac9c54d8bd0e85343c0f3492980
-
SHA1
ebc2a1013321e44d1fe8030365b91b76406197b7
-
SHA256
bf97ea75a73e8da24e0b2557f20721597c6351c29cb8c03e1bd5e917d69f831e
-
SHA512
6674679373ea901febfd85a017205d1159fb44285aba8d65f22d1fed014e319163444782cfc7280e4261dcd26e764028c7ffec6b4b8de595ab7ffe67a7082fba
-
SSDEEP
3072:fnyiQSohsUsWU9BK3wnbQ9XI29xujGh+OVYB+UlIFbcka:KiQSohsUsWU9BvQ9P4Gh+EYB+Ul2a
Malware Config
Signatures
-
Renames multiple (4725) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource yara_rule
behavioral2/memory/4580-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp upx
C:\Program Files\7-Zip\7-zip.dll.tmp upx
behavioral2/memory/4580-1758-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Downloads
-
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize
177KB
MD5
e9182178c5c20c7319b220748ae9abe0
SHA1
ca7aca7db4add161c5d9ee86276edee211b6e73a
SHA256
c30808937ffd59c4b8d1f1261bc3eb323d9fad80ffddbecc7cc2e57820dec7cd
SHA512
d9a769b5627bd80f1f4d5a6bfc64223d42b0375473f35390188acb7e05e49d64f3d934bf7950f0d5079ce2145a46e8faa53c2db449016ce26774ba2518ed290e
-
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
276KB
MD5
3dfd99b2a2d0fc5a1148376c631b5f99
SHA1
a8bdee620c23fd0a3d750ac43ce44ba1c96b467d
SHA256
d712224abe30b6c346f36a96e1e0e37dca174555960a9de7f4c11d3233789dd2
SHA512
a0eef92ac4a771b376c15f51aef36ae281e7230658da24d81d3b30899f28891e672fbea6a7123d3197fd72fc4ae83882cda79ff2e138d9ca89155f346b5d0eb6
-
memory/4580-0-0x0000000000400000-0x000000000040B000-memory.dmp
Filesize
44KB
-
memory/4580-1758-0x0000000000400000-0x000000000040B000-memory.dmp
Filesize
44KB