Analysis
max time kernel: 150s
max time network: 52s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-06-2024 03:38
Behavioral task behavioral1
Sample: 9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: 9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 9f387f63e0c0d590228928d1ab7f6ff0_NeikiAnalytics.exe
Size: 69KB
MD5: 9f387f63e0c0d590228928d1ab7f6ff0
SHA1: 90faa0600c0049af19846fdc2487faa6427aae85
SHA256: e8edefec19cb2dc67c92f29fe4bee4b91fa52347b4fa2d6b0578a7714c94acee
SHA512: 774e052f645000cabc2791c13a1d0bd801d5b5432ab8bb8080ab811643251cfc236ce171e5f7b780d9f234cb90ddc76ca17e979a5caedc09b009abbb2d975cd5
SSDEEP: 768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXH:a7ZyqaFAlsr1++PJHJXFAIuZAIu8
Malware Config
Signatures
Renames multiple (5243) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Processes:
resource | yara_rule
behavioral2/memory/5016-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp | upx
C:\Program Files\7-Zip\7-zip.dll.tmp | upx
behavioral2/memory/5016-1948-0x0000000000400000-0x000000000040B000-memory.dmp | upx
Drops file in Program Files directory (64 IoCs)
Downloads
C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
Filesize: 69KB
MD5: b52af79fb148fe9714b3ea36c8a6c3fd
SHA1: bfc5515347240573699f24aeb7cecf800d6cc48a
SHA256: dcafc54e42af55d1b139147ba50c147643102a954ae2c979676dcf971d786d68
SHA512: ca7586338a22aafedca94f2b95fa72192cabaaf477bad99a82ed74d5441b419b60d945fffc448f6ec882c5aa24b0e0e423bbb3c0faf9cec6d5a6b92cc2d9bce2

C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize: 168KB
MD5: f8b1574c4ae8f7d0b2d17428b0e7f5c8
SHA1: 81c5c1ef590ca38e422e9a652e9ec27afff4db4b
SHA256: 7f53329c9d8a6c426f3862082d14404e99674295800d1cdc8e95327acdfeed42
SHA512: fa324eb6be98ea53ae17c2a0dcabd856b867e6c223b57484a1d0df41d6ce3227d7db6281ecca0df1777b881f6bb40fecfd201bc352c828cdcb7e9d25fea27728

memory/5016-0-0x0000000000400000-0x000000000040B000-memory.dmp
Filesize: 44KB

memory/5016-1948-0x0000000000400000-0x000000000040B000-memory.dmp
Filesize: 44KB