Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-06-2024 08:31
Behavioral task
behavioral1
Sample
6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
6abe45503245f75617535b6b3af0cb50_NeikiAnalytics.exe
-
Size
68KB
-
MD5
6abe45503245f75617535b6b3af0cb50
-
SHA1
efe0c9486fd3f2b7da76dac1cda6abfed5f57a39
-
SHA256
3927d414c049e273f46d16d926b1a79f90a2b33b47c9273e63b334a47f542c59
-
SHA512
2ae4fe19189d4f29b6b3b81dc4f2c6b5ad426912cc033a1b9d99037967198bf8e2e1c34d032f26c1a69f575c4183add7993effda5ee58a9246ab5dd083c0654d
-
SSDEEP
768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXk4j:a7ZyqaFAlsr1++PJHJXFAIuZAIuz4j
Malware Config
Signatures
-
Renames multiple (5262) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
resource yara_rule
behavioral2/memory/2620-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral2/files/0x000d000000023383-2.dat upx
behavioral2/files/0x0008000000022970-6.dat upx
behavioral2/memory/2620-1956-0x0000000000400000-0x000000000040B000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs