Analysis
-
max time kernel
149s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
17-06-2024 08:37
Static task
static1
Behavioral task
behavioral1
Sample
6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe
-
Size
50KB
-
MD5
6bb787327aa6b860121aaddcb311fea0
-
SHA1
32d15ad3f5f3494e02e8f1b7f8863d1914215b24
-
SHA256
9013f1d436e516b7f601a62a8db8d13d309f1faff914449a5ebd617b2bf2c132
-
SHA512
a24295bfd08742e1244b2e4e4acec9da95bffe369071e4207c9c36a7d210b3066209a6cbc9b813fcfc6783680da3b750c19e2bc288d9768615c56bd0e6089d2f
-
SSDEEP
384:GBt7Br5xjL9AgA71FbhvuNBNh9CcdS0AqN6WCcdS0AqN654IZF7+YIZF7+vQK:W7BlpppARFbhgCqCi7Y7/
Malware Config
Signatures
-
Renames multiple (5189) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
51KB
MD5
7b68b317254e2fe5a987dfad0e854427
SHA1
c6ee831d9e1862849c2ddd3d44b1f6925730c09d
SHA256
8cec90a3f935115bfd0ddb115ebe04afa93cfa891ea8651d028e1e4e958bb1d3
SHA512
baf4688db323b0b2a877bb852c4ea322a7ea9b64c644f7d7ac9e2b4d58266276bec6af267ad6943c8e15f9296500fba3a70745dff08c7f185439d1e4853ddf51
-
Filesize
149KB
MD5
1f3868cd6c2a02205f1964e5e2ce0c04
SHA1
43033e3bbf462aa6afc2f5fe066265d6be3afe9f
SHA256
412c7885feadf7a246313f1ed6e0ca9d2a67acd177252ff1f04aa216010459cb
SHA512
d1bf7ba0985129bd0cc491fe376a2ad46e4831dc74666217b04fd72466b263838bbd2fba0d02dfdeb5644d98de515a7258c49ce25a7ebfe840ad411371f7149b