Analysis
- max time kernel: 149s
- max time network: 95s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-06-2024 07:26
Static task: static1
Behavioral task: behavioral1
  Sample: 61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe
  Resource: win10v2004-20240611-en
General
- Target: 61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe
- Size: 44KB
- MD5: 61956c16e785785755f7c1be4e8f2d00
- SHA1: 0f72cb97e76e50d20d31ad87a3e30e88d8faa03c
- SHA256: 208e066613ed185bba09ac4859d0c07bd3c27c647f882e18d20abb6ebce0d64c
- SHA512: 0ca974ec0f5b93b592868bbf89989316fd64fded99632f638283e5dca0ea44af76cae1b94377bfb611007f4a4a4ca2ae6b6fbc182095febc73429d1da5c90dbb
- SSDEEP: 384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHsnAKAC:W7BlpNLpARFbhblkYlkuvIYFdnp3
Malware Config
Signatures
- Renames multiple (5187) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads