Analysis
- max time kernel: 150s
- max time network: 51s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-06-2024 04:20
Behavioral task: behavioral1
- Sample: a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
- Size: 73KB
- MD5: a1b200d420ea0e0720cc99fa123a6e40
- SHA1: 102bb3088358c1e8b809565c7cf0c6ebdc62ebb0
- SHA256: badb5f9b6d027fc3a25c0d7ccfafd11eb73154614717f1eb265d6c2e860827dc
- SHA512: 9122d210fa2c34d26cefde86d06524e886b40502d1350ed0a7706d9dcbf62a0ea16d86bcb5193279e35c644ac2114894274043f05de8261f64d4070c1694408b
- SSDEEP: 768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFmzWzXUS:67Zf/FAxTWY1++PJHJXA/OsIZpPEIUW
Malware Config
Signatures
- Renames multiple (5235) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- YARA rule matches:
  resource | yara_rule
  behavioral2/memory/1272-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
  C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp | upx
  C:\Program Files\7-Zip\7-zip.dll.tmp | upx
  behavioral2/memory/1272-1952-0x0000000000400000-0x000000000040B000-memory.dmp | upx
- Drops file in Program Files directory (64 IoCs)
  Processes:
  description | ioc | process
  File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-convert-l1-1-0.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\FA000000050.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\GrantBlock.zip.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\StoreLogo.png.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
  File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp | a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
Downloads
- C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp
  Filesize: 73KB
  MD5: 6f819bbb7dcb2da2d8ebd3bc3e6ba7de
  SHA1: 32d953b00a486537ec587298e36d270701a335cb
  SHA256: 6d73fd4eaf710c0748bb3c69a27dd836bf54e2078f6b71573381986be2368a23
  SHA512: 483e87b7b81fee9e7858370a6a9c6276bd42b522518e9d096f6898a18ce267464cea672b6594c8d7515e729675977538ffdccacbf9772e14bfa86b34be80d372
- C:\Program Files\7-Zip\7-zip.dll.tmp
  Filesize: 172KB
  MD5: 226fba38d23035525cf8e375c079cf79
  SHA1: 512b2a6729da7314758bd4d91de457df838d74e9
  SHA256: 7393c99e0c2ebf7b9fea5513e6de7bc86a6fe0f73ef24f1fdb34e568c3b4abcf
  SHA512: b8800b72309073547bfcbdb5836b27cbc88c6d59d52e7751fbb50ce1da6286d1ed63a8644ad9a17590eb4248cce727fba0d674d912e9e582af48628ac5c4fba0
- memory/1272-0-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB
- memory/1272-1952-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB