Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
17-06-2024 04:28
Behavioral task
behavioral1
Sample
488f76098a557fb60ad2dd2519ea9f80_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
488f76098a557fb60ad2dd2519ea9f80_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
488f76098a557fb60ad2dd2519ea9f80_NeikiAnalytics.exe
-
Size
92KB
-
MD5
488f76098a557fb60ad2dd2519ea9f80
-
SHA1
6a351f08f4dece71687e2ed850b530246ee7276d
-
SHA256
719d949878c9848b40bb8cf8b9099cefeb61dcbc19aa9aa3bce2c34aeacb1e09
-
SHA512
3a7404a89685d78c4e485bd7cdf6add36b5fd5f3385790918d8cdf689058e711ea0e0c2f3ebe6cbe4f26869a3c4aeb3443d9cafc0d055ee35a967a94aa90d28a
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8RFUmXm9sprayj0FZ:fnyiQSozmqswyYFZ
Malware Config
Signatures
-
Renames multiple (5188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral2/memory/3788-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral2/files/0x000500000002328d-2.dat upx
behavioral2/files/0x0008000000022970-6.dat upx
behavioral2/memory/3788-1888-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Downloads
-
Filesize
92KB
MD5
124b40676f0744aa8ff6fe2e3fb1e3be
SHA1
6a03c98cfbef3d42d1521f7d2ce186309f1aebbd
SHA256
9a67bf4ab5aa5f8a62e12bb908c52e058e0563e43c0ff3fbab0c420693612e54
SHA512
70fb4cc3e45b52c9c1be53abadc4df4649f6753b139044911a014b9658d13a7675b0254270f1987744067b92e928d9452cdccf1dcafa77c00884eedded8f7e25
-
Filesize
191KB
MD5
13250367546f2bfd6e68ae89e2a3e98b
SHA1
ee2784ba352492181434a63adf778eeb4d827822
SHA256
9175233171fa2c8c5538efeef638254aee0021207fec66c5794a297705525278
SHA512
4e7fbaaebb6f8743e0d68bfc025324db6f56bdc5dc81ebb3da95bfb5115081cfa66c6d49eaa68d8307527c1827e3ae874c719773f4d0be61159c0785406fff04