Analysis
- max time kernel: 150s
- max time network: 95s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-06-2024 04:23
Static task: static1
Behavioral task: behavioral1
- Sample: 47fb26a32c9e504cc94d324cb728a3b0_NeikiAnalytics.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 47fb26a32c9e504cc94d324cb728a3b0_NeikiAnalytics.exe
- Resource: win10v2004-20240611-en
General
- Target: 47fb26a32c9e504cc94d324cb728a3b0_NeikiAnalytics.exe
- Size: 79KB
- MD5: 47fb26a32c9e504cc94d324cb728a3b0
- SHA1: 1d2e46aea964d770b6e95de5efd6fc5e8281c00d
- SHA256: a49cb34aa05023fcbb24c375e983652c3143c5a6f60763a84f05828f682a47f4
- SHA512: 20b7e750fffd8fa731b841a51c18daeef7d70050be78c0eca215215a25bcec8577205430be103ec8b54d6bde9bbd15439d21b5aa8cae6472c33f64481e8c3983
- SSDEEP: 1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhj:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsq
Malware Config
Signatures
- Renames multiple (4773) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)