Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
01-07-2024 07:31
Static task
static1
Behavioral task
behavioral1
Sample
3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8_NeikiAnalytics.exe
-
Size
36KB
-
MD5
a14b275dc8e297d2dc8164ab75b13bc0
-
SHA1
a38144b98b4d683b8072033b38cf7c329a3a8365
-
SHA256
3fca9cbd211d0d0df7637dca7f24813c54cd04204489952c997dfbd34c3c18f8
-
SHA512
375d96a3481a8f7f6958bc8e37bd14183f230afcb9a94cb9ade3113781429c025edf05eaec706fe4786f5d95862fe1d535781e536912a04852cf9cb8bccf2a23
-
SSDEEP
384:GBt7Br5xjL9AgA71FbhvuNBN2TQ1nrSLmnsNw/Nwd:W7BlpppARFbhknrSLmsNw/Nwd
Malware Config
Signatures
-
Renames multiple (5191) files with added filename extension
This suggests ransomware activity, encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads
-
Filesize
36KB
MD5
850abda0d7104a5a4843858969a9e504
SHA1
9216d78618ed44cb9fa111ae2b2b1ded1a57508f
SHA256
c3094d832b2da7097c5ddbda49e3e0a118cb8c4ebc9d0dd82049ecf86ee0c877
SHA512
40d806a76909f7463a685ce30bde7c52e17e1d43da03737017534a15ff0afb5506b6e82a820f3d2e5aad01136d6a0a1fc581a76716699d314f8ea73caf9cd409
-
Filesize
135KB
MD5
1e6aca8913dbc2a35ab7d99fd74cd441
SHA1
1d9a1429d2a067580ab8c66c617005669038717a
SHA256
451576d2f8096db28333b3cf5cfc602249f64c06a2deec5720c3a0c0b19bfd18
SHA512
e2f315300a336e17eba94698ed8903af77ecb49266383d5ba1bd15cefef711cd9b2fa15d1c70ee07ac1811c33703bc68cfd45384e2e0419901159fc321d0d411