Analysis
-
max time kernel
150s
-
max time network
93s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240611-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted
16-06-2024 05:58
Behavioral task
behavioral1
Sample
daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe
-
Size
967KB
-
MD5
daf9ce949fa49db91d48dfedcf6833e0
-
SHA1
84586a9ed69bd42fe9992c697c30dc991e6d0530
-
SHA256
3bf851200edebdf4a6642fd36ef53946dd671c1be3c5f52d4623f02e57d1120f
-
SHA512
9616feef093d813c772c6f90f02b9d65e2faecc814a945bb4c019807ca2745f4ff2ad618d1856e0ffd6505064c705c957c8926949e4db7c5b84d1d3d74295c75
-
SSDEEP
24576:VIDU9BiDVCPGccbubHu0cMGKNkwl0+r+tESyVbEFfc4KccyMAPFmjPkWkhCkhVvf:VIT3
Malware Config
Signatures
-
Renames multiple (2124) files with added filename extension
This suggests ransomware activity: the sample is encrypting the files on the system and renaming them with an added extension.
-
Processes:
resource | yara_rule
behavioral2/memory/2192-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp | upx
C:\Program Files\7-Zip\7-zip.dll.tmp | upx
behavioral2/memory/2192-842-0x0000000000400000-0x000000000040B000-memory.dmp | upx
-
Drops file in Program Files directory 64 IoCs
Processes:
Downloads
-
Filesize
967KB
MD5
7de25cd7a957ed0975bc4be9023235f2
SHA1
05e05ee80ec03c4372c99ee2f4e77bbf4d6a3140
SHA256
99b1211f47d9d9b092255c5babd50d6b632e6873d029d897cbc3d50f9bf6b352
SHA512
be350f5126ddfd38fbd6d04cc7d4e4ee638105ea6841dc25043bab41f3f2260a2e4f30a0084a2151a5118428e4d1c71c6c25e91d97a713124ffb62454d0d42b1
-
Filesize
1.0MB
MD5
b007864365684c55b447d097e6714cb9
SHA1
47087f1cd004963a54f2d4d05b2a39faad1bad91
SHA256
34085f9412b56562abdb90154025be5bc767810e37f60fd3be7e12383465c47b
SHA512
223f8d1319c12221623ff51886b055c9cbef71b6b304f10984ad4aa1e1f91f62bb9068d78101671c0f0e59550205738d3787d84b3452e358e13e9ef842bfb4cf