Analysis
- max time kernel: 150s
- max time network: 94s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 03:38
Behavioral task: behavioral1
- Sample: 5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe
- Resource: win10v2004-20240611-en
General
- Target: 5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe
- Size: 259KB
- MD5: 5b5cdc537a5baaa53898305be0d62af0
- SHA1: 2b367f92fac4ed486a331c494dfa7afbb6d68f79
- SHA256: 85aa5c8e2d96976559ce0f962683c7ae649f615ca2c9e54808c0c9e94e670515
- SHA512: 6cf2786474ee14e2247968258f20ad32721597aa7cff6b78a9f1c7e3964b55a1b7b16b4ef055ed39ae6677be4709eec98aa5eb6a8b880dcc8d59320156a00121
- SSDEEP: 3072:fnymCAIuZAIuYSMjoqtMHfhflixitfAIuZAIuYSMjoqtMHfhflixik:KmCAIuZAIuDMVtM/jfAIuZAIuDMVtM/e
Malware Config
Signatures
- Renames multiple (4310) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Processes (resource / yara_rule):
  behavioral2/memory/2000-0-0x0000000000400000-0x000000000040B000-memory.dmp / upx
  C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp / upx
  C:\Program Files\7-Zip\7-zip.dll.tmp / upx
  behavioral2/memory/2000-1424-0x0000000000400000-0x000000000040B000-memory.dmp / upx
- Drops file in Program Files directory (64 IoCs)
  Process: 5b5cdc537a5baaa53898305be0d62af0_NeikiAnalytics.exe
  All 64 IoCs are "File created" events by this process. Created files (ioc):
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.tmp
  C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.tmp
  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL.tmp
  C:\Program Files\7-Zip\Lang\mr.txt.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp
  C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsBase.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ppd.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ppd.xrm-ms.tmp
  C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceModel.Web.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp
  C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak.tmp
  C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp
  C:\Program Files\7-Zip\Lang\vi.txt.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp
  C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp
  C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp
  C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ml.pak.tmp
  C:\Program Files\Java\jre-1.8\lib\javafx.properties.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.WindowsDesktop.App.deps.json.tmp
  C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp
  C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ppd.xrm-ms.tmp
  C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp
  C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\lib\management\management.properties.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp
  C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp
  C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp
  C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp
  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsBase.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp
  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClient.dll.tmp
Downloads
- C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp
  Filesize: 259KB
  MD5: c38db484318f29b7afacc76029a5a30a
  SHA1: 5931e8bb9338c31fa01c036bd8556ffc6edafb2d
  SHA256: 3d5ab48a904ca7fc3c21155748dc9e2b13c9c3554ae016cf8c7768d2d3096add
  SHA512: 57f460d2ae3dd78b87464d705728dc561b24c82912c5fe53f87bfe4b057049307438f90412b953905f1f90f60074aa086b55f3bdcb6b559f395c36ea9d238aea
- C:\Program Files\7-Zip\7-zip.dll.tmp
  Filesize: 358KB
  MD5: 4947c817d16f4957b9ba452d4e59c99b
  SHA1: baba3a9cdd2130f236c4e98e6a9cc593a6acd659
  SHA256: 8604af84ffe57d5c0702a2eaa95a62b5901b59d94e8241434d739f2ae7b6a0a8
  SHA512: 10cf237b80d0a939e6b192fc6baede6f4f04925ad244d65335e70250e27f86f6931c780af17b69d70d2118e3aee6dd31fb6b5e030959e61c0b070f34dd621dcd
- memory/2000-0-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB
- memory/2000-1424-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB