Analysis
-
max time kernel
150s
-
max time network
51s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
-
submitted
14-06-2024 03:16
Static task
static1
Behavioral task
behavioral1
Sample
9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
9e1284ab458121573aab140b409925b0_NeikiAnalytics.exe
-
Size
42KB
-
MD5
9e1284ab458121573aab140b409925b0
-
SHA1
e6b805a56ef6fb33e6e1fff7be491caa79f70dbc
-
SHA256
1bb2e79ccb16012c8197b013502954d098536fec325105c653011b2115392619
-
SHA512
43506b420f9498c29494740fb7883035b691f5a99818623e5070c89b8e48a22ac36208989502aae73e4b83c433272b9a994456a44818439a627f4ec95a56914b
-
SSDEEP
384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHsj:W7BlpNLpARFbhblkYlkuvIYFdj
Malware Config
Signatures
-
Renames multiple (5339) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
42KB
MD5
4de755680671c926f5c777bf58cab200
SHA1
495859a8d943a7fe09dd49cd406d1b954e7b1202
SHA256
b58fefb28da20ac3907939a909b0adfceea0060ed4975b26b662087b5e3e617a
SHA512
4833658da146f7c3f147ba7b1ebfa322a92580098d359123e40fe51bb0871336857e3217056bde57e7bbcacb4f23d21d60a21fae29e7583fb5fe111579f4d3c2
-
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
141KB
MD5
8c2d1b3b933a64f864a08b2a2ff6fc8d
SHA1
0552adaa70c99c97993b46ed8095688d48af7bb1
SHA256
058ecd79b5ec60cb4ef03ce5dfd20a0c3342114565a56522289d6cfa7a595959
SHA512
f93ac2807fca9d006739a4856c9a3feb773adb89e50cceea9b3743cf4a22f1dd02a8748ba9a4a996fa75049d0731831fe29ecffd248efad2891279f6b30165ca