Analysis
- max time kernel: 149s
- max time network: 100s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-06-2024 04:14
Static task: static1
Behavioral task: behavioral1
- Sample: a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe
- Size: 76KB
- MD5: a171155929d0d8778c6bfe1a1ebab5d0
- SHA1: 5a94285f1328fbd43d7df517839da3e7e4bee9f1
- SHA256: 1f13c743e8dbc5621b4c7c031ce4abf368a904736543700751658371ae9a998e
- SHA512: f631a1440362c2ea8dfc9f9eeabeddb20a0d5464a12d39edb38c71a8cbcc29f9382983371f7c4d0c426509993c498cdc992c8e672a71e86a89f295dfd88b8f27
- SSDEEP: 1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m6911v:6e7WpP9oVLQthbYY9oVLQthbUrt7t5m6
Malware Config
Signatures
- Renames multiple (5197) files with added filename extension
  This suggests ransomware activity that encrypts all the files on the system.
- Drops file in Program Files directory (64 IoCs)
Downloads
- C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
  Filesize: 76KB
  MD5: 3fbe0e4153128f73765e8deec9b88851
  SHA1: 710028702792d56c8d5b853ffa3233da6d393da6
  SHA256: e1b52c95f5a9560a9175a654fe02130eb9e045fb06b268b27b16762b9d57e86e
  SHA512: ce016381ada5c9c104f8354934537a21c955d0f51dc1a2965467d1445f2eea3ddd6c84bd960f6d0fc84100f17be84e0357277f9709b240eecb79c40800d5adad
- C:\Program Files\7-Zip\7-zip.dll.tmp
  Filesize: 175KB
  MD5: 873608fbf843a4f2c8ac2ac10980497a
  SHA1: d0c66ad76cbd576b1f1450f73d00d47566a20e0b
  SHA256: 7cff028a7db4ee2188074ae66a1800d5435c197819f41eb771e6ce317c8fb6ca
  SHA512: bcf1733a45c4cd11857b4f01d9c151a94a8238d19bcafaa086eea51bfee88d64abf3fcaa409ea8b47c5906808d43bf6f1844e744b6ab558984d442e316af1e7a