Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
14-06-2024 04:21
Static task
static1
Behavioral task
behavioral1
Sample
a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
a1ca54da009621d5ea573935c915f960_NeikiAnalytics.exe
-
Size
84KB
-
MD5
a1ca54da009621d5ea573935c915f960
-
SHA1
48ad6bb4f1e79701ae6c316d19a48068ae39cb3d
-
SHA256
511092292fb93602bc0ad8658a15db4194a26a682f9fb9aa4bdb5c0170dcd76c
-
SHA512
c2c3ccd379c0eb7f1a7f8cfb258f33997cbacd021eeee5dd734b0b8fee073e48b66ab7043ecb2b555761f00ccd5af656198ffedaaaeff9c031a8f00cf0ae3a03
-
SSDEEP
1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhq:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs/
Malware Config
Signatures
-
Renames multiple (5031) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads
-
C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp
Filesize
84KB
MD5
9a4625eae95d41b6df6454093b76faf2
SHA1
c3641e9afa700b9495a11f46678ac8663c33575a
SHA256
3c1ea4836639741c6064c5213445e4cae45d157b5b30b647e8144c4e15228a97
SHA512
44d390982edecd3ff9c8e74484574003d58518750a0804c566d0a048802eb565781ddb38079b293c5961da93ce08c2a839afc4227404a899eb75d699e2aea4b3
-
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
183KB
MD5
fa21c45daf75be47af8392feae7beec1
SHA1
6d39068522b8446f57f93ea0770aaae1635f8aaa
SHA256
17e39e7adf2e381cbca42994ccf03b80ce50628435420c8d31b96b383234bac1
SHA512
099dfb95a44ca37f061a287a8ceb348be99222ad4996b0461ce4d6651b0769de34bab3619b48aae64bcf9b9d2029674f4740b331a0673db209509914c79d8432