Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-06-2024 03:08
Behavioral task: behavioral1
- Sample: 9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 9d9e7db55a5af752860e374463405240_NeikiAnalytics.exe
- Size: 91KB
- MD5: 9d9e7db55a5af752860e374463405240
- SHA1: 5376a10b305e536900ade56436d457bd4c7592f5
- SHA256: fca07a458d5574250564cc538261e76ff808b5feced1b8db5b62f9f4bb3b2699
- SHA512: edf819859cd5e57bebcf1a30e4497b393588df8ccf4de1691340c7061ddb148b079805584ce32917b3f3179f3d11ab956cef4f0c81b885654e2289ecfa04df03
- SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsxe+eX7n97ns1o8k1o8j:fnyiQSohsUsxe+erZs1o8k1o8j
Malware Config
Signatures
- Renames multiple (5200) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Processes:
  resource | yara_rule
  behavioral2/memory/4156-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
  C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp | upx
  C:\Program Files\7-Zip\7-zip.dll.tmp | upx
  behavioral2/memory/4156-1962-0x0000000000400000-0x000000000040B000-memory.dmp | upx
- Drops file in Program Files directory (64 IoCs)
Downloads
- C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
  Filesize: 91KB
  MD5: 38d1d3668ac592a59a4a0a6c128c1b7d
  SHA1: 7a11af00d9f3fba4c4bd5e1237f78c793a533860
  SHA256: 58216b06027988783c80240a6a29a16491c602db4193aec05a1d6fb78ae5ba89
  SHA512: 640dc7e38fbece7e6f421201e2a907a8a1bf2ca348de420471a29b95775637d7256bb5fa76b6c24fea0bc4bf8811e902af640511afc029c3f48c93744c1cd6d6
- C:\Program Files\7-Zip\7-zip.dll.tmp
  Filesize: 190KB
  MD5: bf1e2eca029fe0d9069574553edb7f23
  SHA1: 1501d842dac443c6f76c6e0994f6a91c54e5d53c
  SHA256: e9ef12970e6b7c3effdbbeace858605b45d67b580e9bed6e2f5e2fe5561943f7
  SHA512: d06d68f228e328bed19c13676a7410cf82ab21e9b63e22f956b1747c44dfda845953eeb6f6690e887d371d3daf31cd1d45c6c5f309d422466d3c62b19f9a7776
- memory/4156-0-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB
- memory/4156-1962-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB