Analysis
max time kernel: 150s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-06-2024 05:05
Behavioral task
behavioral1
Sample
d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe
-
Size
59KB
-
MD5
d792f933b6e502ddb1f4da31944e4ca0
-
SHA1
9a6b925ae5d9ec669d096548f250814a4a10171b
-
SHA256
7b6f6139177eb52725c8aa6c789db560f9281f38f8b5941c8f7c8de404d16de6
-
SHA512
8e77ade8294e15c9069598b0a3ea2020c7028a0788f696d45bfa65e656bc4ecd8970667d24b038c0beaa7fe922e302e7e8f5a9c6f1911ff4215cc7a14c837cfe
-
SSDEEP
1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsxe+eX7n97ns1o8k1o88:KQSohsUsxe+erZs1o8k1o88
Malware Config
Signatures
-
Renames multiple (5117) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource    yara_rule
behavioral2/memory/2276-0-0x0000000000400000-0x000000000040A000-memory.dmp    upx
C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp    upx
C:\Program Files\7-Zip\7-zip.dll.tmp    upx
behavioral2/memory/2276-1114-0x0000000000400000-0x000000000040A000-memory.dmp    upx
-
Drops file in Program Files directory 64 IoCs
Processes:
Downloads