Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 02:09
Static task: static1
Behavioral task: behavioral1
- Sample: 5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 5622aaf012e3f8a7bf39f2d3c3c65f50_NeikiAnalytics.exe
- Size: 46KB
- MD5: 5622aaf012e3f8a7bf39f2d3c3c65f50
- SHA1: dc9f21ea80431e02d3c754e424c90f177e8a86ee
- SHA256: 8178ddb796f0b70c69fc7867889eefddbe641ac3536c18b4ad3efd11efa83d7a
- SHA512: 0e23667a77bf3fca08210556ba943e17720701fcc98495903a70abaea2b462b5073c75fdcd0ba90e458a622837923a37516810c565bec9a0ef1e134e815da8e3
- SSDEEP: 384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxxbNgbNjX:W7BlpppARFbhWJQi1X
Malware Config
Signatures
- Renames multiple (5246) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
- C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
  Filesize: 46KB
  MD5: 532d6a764ab01e8b7595dc07c549e410
  SHA1: 5e59e8487e4d03de7086d7f46d49be6822686d6b
  SHA256: 3622186c98f59d45c27d179eab6e5d901f43455b221b118f0c40be6dd225dac3
  SHA512: ed71a170514c7490b22f999db8e96b2d5a21b9e9ba9931f7cb649216511a2a6f2311d3bafa7006784055827213a2f9f3b4c58ba7c92bb3a41fc75d45a2410a7c
- C:\Program Files\7-Zip\7-zip.dll.tmp
  Filesize: 145KB
  MD5: 03cd5ddbb931961de0ce0c298918fa8e
  SHA1: 7055b548d8f309007de07c641ea3f1c70ff2614e
  SHA256: acf0939a548e873273c7780a9c0227178d522692d980449d230c7357467c83c0
  SHA512: b92f9a3680b658e5620269e5f42060e4bae85b72c00fe4c6191418005deaf6f73aef8ffc7bcc3d6470f9879e80ff26bcbc5bf536868abc51445bca31c25e27a4