Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
16-06-2024 05:03
Behavioral task
behavioral1
Sample
d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
d771a2874daf558e90f3747a1b379820_NeikiAnalytics.exe
-
Size
139KB
-
MD5
d771a2874daf558e90f3747a1b379820
-
SHA1
0f1d33361b1e3aaf994a4201bcf06ee832f8aef0
-
SHA256
4c27b62874d12ad4bfd493160ec1625187610bba607489d9b5e3c833872c5fdf
-
SHA512
86b927a7dc08498fc551cd2279a865a539f0901feeb0af54571a3d61de1d2524071efc47cf34b575fa06d54b79041af0f665e59643d9945f13b8f03fb164efa1
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IteTWn1++PJHJXA/Osw:fnyiQSohsUsWU9BK3IQSohsUsWU9BK3X
Malware Config
Signatures
-
Renames multiple (4841) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource yara_rule
behavioral2/memory/4128-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp upx
C:\Program Files\7-Zip\7-zip.dll.tmp upx
behavioral2/memory/4128-1762-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Processes:
Processes
Network
MITRE ATT&CK Matrix
Downloads