Analysis
-
max time kernel
150s
-
max time network
150s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240611-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
-
submitted
17-06-2024 06:29
Behavioral task
behavioral1
Sample
5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe
-
Size
68KB
-
MD5
5a1f5538116ce46cbce2e237487f52e0
-
SHA1
07e59efb50bc0a6450dc289c41ef2622b1e7742d
-
SHA256
2549f0a3ec3be98dd6d90977ebe7159e634db2d397516cb88d37e1137829b65b
-
SHA512
5bd49961191be3fda8796f2b17c3a460d4d65e4893a6588f3e8b34d8e453d289e473d75485ec17ae7b64c959967cb19ba96abc431fc8818bf6241e38c354e62b
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8z:fnyiQSoY
Malware Config
Signatures
-
Renames multiple (4865) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
resource yara_rule
behavioral2/memory/4900-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral2/files/0x0005000000022f58-2.dat upx
behavioral2/files/0x00070000000229b0-6.dat upx
behavioral2/memory/4900-1780-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads