Analysis
- max time kernel: 149s
- max time network: 52s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-06-2024 06:49
Static task: static1
Behavioral task: behavioral1
- Sample: 5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 5cde2bca4687b28bf389948f6944a540_NeikiAnalytics.exe
- Size: 82KB
- MD5: 5cde2bca4687b28bf389948f6944a540
- SHA1: 69c234ac6d82b3ddefe2b39174b87e07e1750368
- SHA256: 8df5aa50574578a37863f41b1fba422529bfac71eccf326e32e35c4c410361ac
- SHA512: 900f0ada5e3abdd055f6a184e26f0baf0375e4096925f77c9aec74ab06cdd7f7ffbb567a7039be0b5b8ba7eb7b42d5b1632cf033276fa8038eb6af93115742e5
- SSDEEP: 768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJPwF9hHMZIa9hHe:W7ZDpApYbWjIlE77ufL2e+efZwZavC
Malware Config
Signatures
- Renames multiple (5187) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)