Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-06-2024 04:07
Static task: static1
Behavioral task: behavioral1
Sample: a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe
Resource: win10v2004-20240611-en
General
Target: a10caa57e8e334803b2383aed6749070_NeikiAnalytics.exe
Size: 70KB
MD5: a10caa57e8e334803b2383aed6749070
SHA1: 4da37659ccddc0e3f77b2aa1e60074ca1cd217d5
SHA256: 0d0e9ae4c6cf81e07f9e57fcc8410e1e3ae2cf172d45aabdec6a4525747aa4a9
SHA512: 90ff9db6a0b4b3df5e8330e297ffa2f90de2c3ef06489703e4c8494a2d220dc8c20422ffbfac5e558a6e701d5dc51136282f7ba0f5af4002866f2d43de6b0f6b
SSDEEP: 1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhl:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsw
Malware Config
Signatures
- Renames multiple (4867) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp
Filesize: 70KB
MD5: d5ccb522d9e8342831bfe6ff89ada965
SHA1: bd43745016b41171a994823b6e4993c6a3725333
SHA256: 08519ecc288a44ac443f53c14947393eb66c15bed90468ea72d7fda0842b1c42
SHA512: 2c0f04c1bd93f86cc777fcb82999ec4ddc393cfe898555ce5126553058269d1adb2e7728136bf694258e9ce139e5a74bdedc4236f6581a84eb49b5a4aaa7e2ee

C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize: 169KB
MD5: 9fe40a7343c82754efb73f49e55134d6
SHA1: 7abf25e681bae16113ffe0b4b90442b8981bad45
SHA256: 33ca879adb2cdd7fe76ea05a725b7087faab7410a71eaf3541b962e90a9f2df9
SHA512: 23135890271d16cdae5b4457c8e9fef61015c2a17fb26f5104e328d23f8cb2bc005675204a2df6326b733e54e5b639c53c0880431ab9a0a8807c36424e0f5ceb