Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
14-06-2024 03:50
Static task
static1
Behavioral task
behavioral1
Sample
9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe
-
Size
74KB
-
MD5
9ff6db7f6c65781f7bf852cc779ba800
-
SHA1
7d9a1c2c23e9a7f225683e96adefceb594339fa2
-
SHA256
ce0fb52106c19f407d25f55ae22e1e670eb534fa937b2385d91a5013e599aba1
-
SHA512
8212012652142c5db8982dd9e8d74c7d138779c691c6db6216c40aa97d1a23260d1f5679be414dca3ba8cd68355dcfc589d1b2e709940517eabaee34c983d070
-
SSDEEP
1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhO:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsT
Malware Config
Signatures
-
Renames multiple (5257) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
Downloads
-
C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
75KB
-
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
173KB