8eaf1852563155ec5acc7e48960ee471984ca7ee3621f47eb22e675da7f686b4

Analysis

max time kernel
152s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 22:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
Size

67KB
MD5

12dd22138c45c04baed3738278885e60
SHA1

d205af16c6f9351a4eaeb8955edc51b88ec81a06
SHA256

8eaf1852563155ec5acc7e48960ee471984ca7ee3621f47eb22e675da7f686b4
SHA512

14e3059b1d6c9f13cf5c96ec1a3910af691e3b607193810d15e3a9e1225ffc01452459098cf83687ebe71785519bffabaf7133c1aaa9a37207dd78ae85e2ccce
SSDEEP

1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckMJR+JRcXxXD/p:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDcV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1210) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.Extensions.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Dynamic.Runtime.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationTypes.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.Primitives.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\WindowsFormsIntegration.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Controls.Ribbon.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\DirectWriteForwarder.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\UIAutomationClientSideProviders.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsBase.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\PresentationCore.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Console.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Input.Manipulations.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Xaml.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Forms.Design.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\ReachFramework.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.Vectors.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationProvider.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\WindowsFormsIntegration.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\WindowsFormsIntegration.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\ucrtbase.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Extensions.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-datetime-l1-1-0.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-stdio-l1-1-0.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\PresentationCore.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\PresentationFramework.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\PresentationFramework.resources.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XmlDocument.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Reader.dll.tmp	12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12dd22138c45c04baed3738278885e60_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3932 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:3140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
67KB

MD5
3a7c49a3c0f1dbd5caa8d3784efaf32e

SHA1
93d040224cd71af4bcafe33ecb2c2a6f7e71ffbc

SHA256
51bf3b1bce9b6ce7303ca528bb1525f61e573117fc5691e4f8c740d5c0c068c8

SHA512
d688d2a322ea3c82d3ac5e3414376308aa6cb175552f756ca8f0076f45af0c23615f01b0d1e5df47c2dfc78b21373680f40c588a93053d7c370d8bd4829f7e18

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
67KB

MD5
f9e6b94da83ec2b8072168259f4d942c

SHA1
fb430ad1e4ac1abdc93c5c3b498f55202aa879b0

SHA256
07ee005540315e270269c31ad47c3f30c705c29b565bb2b71431b045b3f4b693

SHA512
ecd360ac92e9f008195d35a4c6cb6528803dd2e372e036092483ed2dac52cfaa67714a8346f85fb4078fc37385c794c4ef68d4c39dd67eaab59c4317640bba5a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads