Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
26-06-2024 00:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe
Resource
win7-20240419-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe
-
Size
51KB
-
MD5
8b7508e3014195a6acbc83fe6664df80
-
SHA1
574d4c4f5818b8800d9ebfb46a412ece6cb50200
-
SHA256
2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429
-
SHA512
4d7503ac11e4209e9b04d37e42ec26011ebb0177a1c2d428e9eb6db383920e0379a6ad3811366037b7280fd946b459b154660250c9c29cbdbb746fafc4ddf849
-
SSDEEP
384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrbArA5SJOgArA5SJOn1UZeUZV:W7BlpppARFbhWJjrA5SJYrA5SJ2+nz
Score
9/10
Malware Config
Signatures
-
Renames multiple (5021) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_WHATSNEW.XML.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationTypes.resources.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\MANIFEST.XML.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.png.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT.xml.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.AppContext.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ppd.xrm-ms.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.did.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.VisualBasic.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceModel.Web.dll.tmp 2a233715a5706e53532a2655136f41e2da7f348ceadf0ca3732cbd86402bf429_NeikiAnalytics.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
51KB
MD56cd9b764c9bc970e02bc86ad59bef6aa
SHA167f94173740c3281deab67860cd21aeef12a4bd6
SHA2563c99a8888fbd8a5b2bd63a350f5b9f9828a7cdb5fe70e7110d42c4172d3e5283
SHA5120990582e2e5578dc99ff75780bbae562c1e96e346b419a88acf3aab873bb1a9b5926a0a2b105a5253b2cec4c51fb735447d813f4dcf312b6ec570261e73d5877
-
Filesize
150KB
MD5b3480c3fdcfe165cace871cc3f5aef6f
SHA1c5a5a77c316ec03c34c93045d15082a4846c4e8e
SHA25643b4adfdc3369781e214d480178c340cb0db621a5edfe6c22da6091a6efce47b
SHA51295eab9ab0324c3fc0626bf06da00309b1ef7387ce28d2a6946e3caa4643e1e2819746e7d9144f59c93de67d2cdb4d0652d6120b8a2249a8475aa68495b19a991