Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
25/06/2024, 09:21
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe
-
Size
43KB
-
MD5
6f3f7133c8301074eec6f86b81f406e0
-
SHA1
9bc856b46a517cd8cac9e13aac2a56e1fe8efe21
-
SHA256
4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0
-
SHA512
0e3264109348fa95ebd78b69dc12e5699edad12ecd1b9ec518ccb66be1e9f63f452555ae8d2b1d0b3e8d66ae172559e94df36540783f2aa8e1d4eb596fef1ac3
-
SSDEEP
384:GBt7Br5xjLMuLAgA71FbhvDl3DG71ul3DG71XUmUIYFAHsAlYXlYQ:W7BlpNLpARFbhblkYlkuvIYFdxyQ
Score
9/10
Malware Config
Signatures
-
Renames multiple (5337) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-oob.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-100.png.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Xml.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\lib\deploy\splash_11-lic.gif.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile_large.png.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Input.Manipulations.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Formatters.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationProvider.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_FR.LEX.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\BCSRuntimeRes.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\7-Zip\Lang\be.txt.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsBase.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\Default.dotx.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-utility-l1-1-0.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp 4d84b48ade2df859db229aaad43d3e40853312c20cc064b6a747772fda54fcd0_NeikiAnalytics.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
43KB
MD5a4272db6ba1c790036bb573717efaf81
SHA13dd22de401574db7dd0d55d819ddf2af2dbf5859
SHA25621610cf6324354f8d2bdca23819d9d83519a1e578321bdbe63a0bce0d7c0d3ab
SHA5120bad8d151723e7ed7a97a6db8d91609071d54264b4b3bb145eadb94fd77653532a86de4e9c27503847c9146fa5ac9d2b23aa9677bf6f412f7ec3a1c41d97dbd7
-
Filesize
142KB
MD5749400119b054955b074f702f9e710b4
SHA1b40432f366fc27114ee7b8af56b336c22154a8a6
SHA2568c1bddc9c432b5952eb84e79dd18ec2ed5164a12fe53f1a179aeadd7f621c0ae
SHA512f1933fc62c0289f0d5169f86c65d115ab6a2ed5d51a101655fe8e9f90b2320ebd523c3420eebdad64b20b1644b81348a38d25c74b8ec2ed752ee41b0f4553503