Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
-
submitted
17-06-2024 06:34
Behavioral task
behavioral1
Sample
5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
-
Size
73KB
-
MD5
5aa170c483a04ff636acb1e846938290
-
SHA1
9770d7a5cc7bc6da610d2700ae7287c3d3c4f75e
-
SHA256
3b3b8c03dc75e294ee764a820f27447145410c894c0697fbb78ab986126b71c5
-
SHA512
4eb80112f7bf078d09a5c3cafd717167354f73ace5e34b8007375655e30c7b193f1dbc6b549b8e7c935b1d6c9be8933546c14615504434d7be74c19f8bde775e
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8XJU:fnyiQSoUJU
Malware Config
Signatures
-
Renames multiple (4721) files with added filename extension
This suggests ransomware activity: the sample is encrypting files across the system and renaming each one with an appended extension.
-
resource | yara_rule
behavioral2/memory/3428-0-0x0000000000400000-0x000000000040B000-memory.dmp | upx
behavioral2/files/0x0005000000022f58-2.dat | upx
behavioral2/files/0x00070000000229b0-6.dat | upx
behavioral2/memory/3428-1667-0x0000000000400000-0x000000000040B000-memory.dmp | upx
-
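The four upx YARA matches above (two dropped files plus two dumps of the process image at 0x400000-0x40B000) say the sample is UPX-packed, so strings and imports taken from the 73KB file on disk will be poor and the unpacked memory dump is the better artefact to work from. The script below is an added example, not the sandbox's rule and not code from the report: it walks a PE section table by hand (no pefile dependency) and applies the two cheapest packer heuristics, UPX-named sections and high per-section entropy. The PE images it inspects are constructed in the script and are not the analysed sample; the 7.0 entropy threshold is an assumption.

```python
"""Packer heuristics behind an 'upx' YARA hit (added example, not report code)."""
import math
import struct
from collections import Counter

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def build_minimal_pe(sections):
    """Build a header-only PE32+ image from [(name, raw_bytes)] (constructed test
    input: enough structure for a section-table walk, not a loadable binary)."""
    nsec = len(sections)
    opt = struct.pack("<H", 0x20B) + b"\x00" * 238           # PE32+ optional header, 240 bytes
    coff = struct.pack("<HHIIIHH", 0x8664, nsec, 0, 0, 0, len(opt), 0x22)
    raw_ptr = 0x40 + 4 + len(coff) + len(opt) + nsec * SECTION_HDR.size
    table, bodies = b"", b""
    for name, raw in sections:
        table += SECTION_HDR.pack(name.encode("ascii").ljust(8, b"\x00"),
                                  len(raw), 0, len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += raw
        raw_ptr += len(raw)
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    return dos + b"PE\x00\x00" + coff + opt + table + bodies


def parse_sections(data):
    """Return [(name, raw_bytes)] from a PE image after checking MZ/PE signatures."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    out = []
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_ptr, *_rest = SECTION_HDR.unpack_from(
            data, table + i * SECTION_HDR.size)
        out.append((name.rstrip(b"\x00").decode("ascii", "replace"),
                    data[raw_ptr:raw_ptr + raw_size]))
    return out


def shannon_entropy(buf):
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def assess_packing(data, entropy_threshold=7.0):
    """Combine the section-name and entropy heuristics into one verdict."""
    secs = parse_sections(data)
    names = [n for n, _ in secs]
    entropies = {n: shannon_entropy(raw) for n, raw in secs}
    upx_names = any(n.upper().startswith("UPX") for n in names)
    high_entropy = [n for n, e in entropies.items() if e >= entropy_threshold]
    return {"sections": names, "upx_section_names": upx_names,
            "high_entropy_sections": high_entropy,
            "likely_packed": upx_names or bool(high_entropy)}


# Constructed inputs: a UPX-style layout (empty UPX0, dense UPX1) and a plain build.
PACKED_IMAGE = build_minimal_pe([("UPX0", b""), ("UPX1", bytes(range(256)) * 4),
                                 (".rsrc", b"\x00" * 64)])
PLAIN_IMAGE = build_minimal_pe([(".text", b"\x90" * 256 + b"\xc3"),
                                (".data", b"A" * 128), (".rsrc", b"\x00" * 64)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_IMAGE), ("plain", PLAIN_IMAGE)):
        print(label, assess_packing(img))
```

Both heuristics are cheap to evade (UPX section names can be renamed with a hex editor, and legitimate binaries with large compressed resources also score high on entropy), so treat them as triage hints that tell you to go for the memory dump, not as a classification on their own.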
Drops file in Program Files directory (64 IoCs)
description | ioc | process
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Primitives.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ppd.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationFramework.resources.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\7-Zip\Lang\yo.txt.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ppd.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\System\ado\msador28.tlb.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.ServicePoint.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ppd.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre-1.8\lib\security\blacklisted.certs.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ul-oob.xrm-ms.tmp | 5aa170c483a04ff636acb1e846938290_NeikiAnalytics.exe
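The rename signature and the 64 Program Files IoCs above describe one behaviour: a single process writing thousands of files that carry an extra .tmp suffix, spread across unrelated vendor directories (7-Zip, Java, Chrome, Office, .NET). That combination of volume, a shared appended extension and directory diversity is what separates it from an installer writing its own *.tmp files. The script below is an added example, not part of the report or the sandbox: it scores that behaviour from a file-event feed. The event format (ISO timestamp, pid, operation, path), the thresholds (20 files in 5 directories within 120 seconds) and the sample log are constructed for the example; the sample log reuses paths from the IoC list for pid 3428 and adds a few made-up benign writes for a second process.

```python
"""Appended-extension mass-write detector (added example, not report code).

Event format, thresholds and the sample log below are assumptions chosen to
approximate an EDR or Sysmon file-event stream.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple


class FileEvent(NamedTuple):
    ts: datetime
    pid: int
    op: str
    path: str


def parse_events(text):
    """Parse 'timestamp pid op path' lines; the path may itself contain spaces."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, pid, op, path = line.split(" ", 3)
        events.append(FileEvent(datetime.fromisoformat(ts), int(pid), op, path))
    return events


def added_extension(path):
    """Return the appended suffix when a file name carries two extensions
    ('plugin.jar.tmp' -> '.tmp'); None for ordinary names such as 'setup.log'."""
    parts = path.rsplit("\\", 1)[-1].split(".")
    if len(parts) < 3 or not parts[-1] or not parts[-2]:
        return None
    return "." + parts[-1].lower()


def detect_mass_rename(events, min_files=20, min_dirs=5, window_s=120):
    """Flag a pid the first time it writes >= min_files files sharing one appended
    extension across >= min_dirs directories inside a window_s-second window.
    Returns {pid: (extension, files_in_window, distinct_dirs)}."""
    per_pid = defaultdict(list)
    for ev in events:
        ext = added_extension(ev.path) if ev.op in ("create", "rename") else None
        if ext:
            per_pid[ev.pid].append((ev.ts, ext, ev.path.rsplit("\\", 1)[0]))
    hits = {}
    for pid, rows in per_pid.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while (rows[end][0] - rows[start][0]).total_seconds() > window_s:
                start += 1                      # slide the window forward
            window = rows[start:end + 1]
            ext, n = Counter(r[1] for r in window).most_common(1)[0]
            dirs = {r[2] for r in window if r[1] == ext}
            if n >= min_files and len(dirs) >= min_dirs:
                hits[pid] = (ext, n, len(dirs))
                break                           # record time-to-first-alert, then stop
    return hits


# Constructed sample: pid 3428 replays 22 of the report's IoC paths one second apart;
# pid 1200 is a made-up installer writing a handful of unrelated files.
_RANSOM_PATHS = [
    r"C:\Program Files\7-Zip\Lang\yo.txt.tmp",
    r"C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp",
    r"C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp",
    r"C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp",
    r"C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp",
    r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp",
    r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak.tmp",
    r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp",
    r"C:\Program Files\Microsoft Office\root\Office16\MEDIA\VOLTAGE.WAV.tmp",
    r"C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp",
    r"C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp",
    r"C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-pl.xrm-ms.tmp",
    r"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp",
    r"C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp",
    r"C:\Program Files\Common Files\System\ado\msador28.tlb.tmp",
    r"C:\Program Files\dotnet\host\fxr\7.0.16\hostfxr.dll.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp",
]
_BENIGN_PATHS = [
    r"C:\Users\Admin\AppData\Local\Temp\setup.log",
    r"C:\Users\Admin\AppData\Local\Temp\installer.msi.tmp",
    r"C:\Users\Admin\AppData\Local\Temp\is-ABC12.tmp\config.ini",
    r"C:\Users\Admin\Documents\report.docx",
]


def build_sample_log():
    base = datetime(2024, 6, 17, 6, 35, 0)
    lines = [f"{(base + timedelta(seconds=i)).isoformat()} 3428 create {p}"
             for i, p in enumerate(_RANSOM_PATHS)]
    lines += [f"{(base + timedelta(seconds=10 + i)).isoformat()} 1200 create {p}"
              for i, p in enumerate(_BENIGN_PATHS)]
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    print(detect_mass_rename(parse_events(SAMPLE_LOG)))
```

The directory-diversity requirement is what keeps the installer case quiet: a setup program writes many *.tmp files too, but into one or two of its own folders. On the constructed log the alert fires for pid 3428 on its 20th write, 16 distinct directories in, while pid 1200 never gets near the threshold. In production the same logic should also key on the process image and parent, so that a signed updater touching its own install directory can be allow-listed without raising the global thresholds.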
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
73KB
MD5
933c619884f1c0e98a9e51d00dfa1060
SHA1
4f41ab6e52aa7ae64a6274a81613300285100b20
SHA256
685e5bd821da9c90e27e5269ee78343c31659f8fea2dce4cd44cb609a036b751
SHA512
18c85d5c599303c17aeeba6fb25afbbf2ddb54186520226d5c4b605d6df65ea939dd94640033e4a6220dc3972cc49cc85eb5815d3ce228f916975c9cb5040c7c
-
Filesize
172KB
MD5
d2ce8d05e06c4191631b4441b16a097b
SHA1
41be20c38ebc53c89621882bb2f7df3bdde25e02
SHA256
e8cfdcf7f2aa021cd2d513fbf3dc9a38cd274b714a13326a558a333b900b8d7f
SHA512
126e051c8b7ddd547ac63e449e4150e66271c0efdc37c88aa283c0f787846f3bfbd5c855c91eaf1d8c36c7f017ddc3651af4817710d094190752d1cf311ac50f