da0d78193045cd447f887714975d47d7c9a83446a1bb146e20a18c0a24303820

Analysis

max time kernel
157s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
Size

65KB
MD5

1507bb99de094da07d69a3b9dc9175d0
SHA1

a916b15045e3b1b246474bc20032d1c640c5b682
SHA256

da0d78193045cd447f887714975d47d7c9a83446a1bb146e20a18c0a24303820
SHA512

23e931fc591fa8640b6b78db40a595d67cd7ef12b922bc2ee24fef0b6677f45c9a19140d93a20a5cdc4d1a91685b219f42c76977aeadd9878b3eab954f697601
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E65TGAiJvUJvy:69WpQEJAE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (353) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-2-0.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-heap-l1-1-0.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-math-l1-1-0.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-string-l1-1-0.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1507bb99de094da07d69a3b9dc9175d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:3688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
66KB

MD5
0040d620e723f8d07b7f03e549721a65

SHA1
9fb2cb121c2cdd14c5d5c6758cabfe307055f967

SHA256
8fa1f7c86c805da9e542704dcd6cace9f52d0fda4d261703fb6b9cfa84db1466

SHA512
1557d949c771c89cc1f26a58483bf87e9a695c4974a317f2b2e0585be8e9b2af13d84565322293f0fc563b78a6ce7d541cf7a9b3240bd1a5a2c87eacd954142f

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
65KB

MD5
a2bcecc3205d4280493eb02cf0eab51b

SHA1
aa0042b5d39f37db229bfe32016da2745228bd57

SHA256
18fd31245c211ece6e1214e622c13ec893ee9c1da078d3bebc09f48db221a9ee

SHA512
d405afb0d9ec441af3e357c21500a0406e93d689d703cbceaea648a063f7600140ef704ed29788be62819a743ba38adeaf8cc43ba48632add5a0e0163d4f2ebb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads