Analysis
-
max time kernel
150s
-
max time network
100s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240508-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
-
submitted
17-06-2024 06:55
Behavioral task
behavioral1
Sample
5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe
-
Size
69KB
-
MD5
5d57aa7283a0a7f8d0878e0211bf3be0
-
SHA1
2bb24e5ed342649bd780156b723a5f00c75f057e
-
SHA256
df5ed30a7f8b9ad8ceeb523c542d0d76cdb6489cc3b14129068a8e94eba0f26a
-
SHA512
f8a7f122276556daca887216f2454e6f4ed4912d3ccfdf66e20ca574e19d1e3be4de9a619199c3693a367558fbd3f33e8a249887c0d626e8ae2697f99d34442c
-
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8S:fnyiQSod
Malware Config
Signatures
-
Renames multiple (5236) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral2/memory/4452-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral2/files/0x000700000002326f-2.dat upx
behavioral2/files/0x001d00000002292b-6.dat upx
behavioral2/memory/4452-1958-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Downloads
-
Filesize
69KB
MD5
0fa078680d8c83022b80288d1c814422
SHA1
6a1f19bf366e069199acfe2628c241aa001fa164
SHA256
c336c0ca9cfe4775031709e61fcab7d8f4041743d0e34b98e22dc07ff394f0d5
SHA512
7c27de5ce8fb73a571b4078a50d975f825ed63d08ab83e4e22edc20c4b095f2a980b2f984da34e8a1883cbbe5136e89c6afd6b010c284cda4dda19de0e00aca6
-
Filesize
168KB
MD5
c3995a282a2a0ba064e5263e3d6ab6bb
SHA1
3a9b9d6d094701d87c4b67042742e6ee5914af0b
SHA256
d8039a834998f9253c735d2eb2789025b96417cd383a55bda3b4f89a03de45d0
SHA512
ec5fa7162a1de3cc0dbda254e91d2737009e949ca70b78b2e49de0d523be4f5dc004c6e3502783a11c7de3e852e26ae60303e028dfc6605acddfef0371caaf47