Analysis
-
max time kernel
150s
-
max time network
151s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
-
submitted
14-06-2024 05:00
Static task
static1
Behavioral task
behavioral1
Sample
a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
a43cf3656d6ffc79a07f80f00e4f3b90_NeikiAnalytics.exe
-
Size
316KB
-
MD5
a43cf3656d6ffc79a07f80f00e4f3b90
-
SHA1
ffb8effd2b8659224eba62eaec1b11081e6e2100
-
SHA256
e640f79b50024d7c43ff90195ccdb2493d7dd6d2261e9473bcb0721251ff0f16
-
SHA512
0fa834bc8e09b5d7b7fc9fcda2f8843b021a540fdd653dc0740008c43e9bac30cc7d32a51c12b2a1119f658251a36782c08d1da368efe874a0c6a66d7aee132d
-
SSDEEP
6144:tFPxPke+eIr9RUxfKIuqBcKxNWdp+bkrdHs1lpaSL4vtv:3PxPir9RyiIuGcKbpaSL4vtv
Malware Config
Signatures
-
Renames multiple (4638) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Drops file in Program Files directory (64 IoCs)
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp
Filesize
317KB
MD5
9a43ab1aabe39965bb54f46b810b9a31
SHA1
71ba65e4b7977348d459f2b6af22b5399e8ac292
SHA256
3876de2134581210357ca6548c845ad1bfb8d9e6fe1c5bf6211279d0f11535c3
SHA512
47d27802a99b08016c84a657a275654ceb74cd6488b233cdc238a24f0f832af74f25538515370256a99b27bc6a690c807493e2ce3d46c6a4557cce3d112f80c9
-
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
415KB
MD5
05bfedbaaa3879bb75828e8cd7a0aef8
SHA1
b89f18afc0c2a75127472d69a766b9cd0ef9966a
SHA256
fd23a3acbf2a3584bab452c7c5b693be24d2ad623bfe4f44e483a6dd557e0c6f
SHA512
6a83f402f8b767109d7391627c5bf7ac3e1ddd4fb3924cfe866e0b6f4d946a6dc3fe6bc6fc452976396188d8c780d944fd017e63ad6b2ae94f8c82114a68fd0d