Analysis
-
max time kernel
149s
-
max time network
152s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240611-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
-
submitted
16-06-2024 05:43
Behavioral task
behavioral1
Sample
da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe
-
Size
59KB
-
MD5
da0288aa5455216d53cacc8e1e2ba570
-
SHA1
13a965e9e1853895d3b9374a793de6ed374cee87
-
SHA256
f44d5fe798ba5525729ff6d2b7263488fdd18524881894cc4b421f3cf0caf0cd
-
SHA512
8206b2a0ab9a944fc3432c3e15479fff3be847e9c17de2347058bef6052dfb609c83e1899c1304f0aa4ed231675878a1cbf6503cabf73c8dd9c75715da929cb0
-
SSDEEP
1536:CTWn1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2Ir:KQSohsUsWU9BK3r
Malware Config
Signatures
-
Renames multiple (4823) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Processes:
resource yara_rule
behavioral2/memory/952-0-0x0000000000400000-0x000000000040A000-memory.dmp upx
C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp upx
C:\Program Files\7-Zip\7-zip.dll.tmp upx
behavioral2/memory/952-912-0x0000000000400000-0x000000000040A000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Downloads