458f903ab2eedaa15a05a9fb7871d6b3fdcd4a6b9577206afc6c64fbb7d9afbc

Analysis

max time kernel
152s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
Size

137KB
MD5

60ed030f25fe2407d43de75087e47ab0
SHA1

21df975f848dbd26b42c3d39d2488e3edfe8a805
SHA256

458f903ab2eedaa15a05a9fb7871d6b3fdcd4a6b9577206afc6c64fbb7d9afbc
SHA512

4d775f4aee117a5cfe52211a1c0da06caffa62abff6a5f050865b82550e8ec8b28e2859fa17d1b409a4e73a5ccf072bcb39913fba0018c8e7f7019f24d3963b1
SSDEEP

1536:/7ZQpApUsKiXBvzwvzXJvlwJvltbDUYU/:9QWpngTJdwJdtbDUYU/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (305) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\60ed030f25fe2407d43de75087e47ab0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:3512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
137KB

MD5
450df52bf7136c41f4fc524026e0c6cc

SHA1
76f5c8cda9e34bb212cd60c577a815d05880ac41

SHA256
a5dfde00b7a64775b3cb70a05d8ed2be33bf03470f4c1e43f1bc459868f8c7f1

SHA512
e7ca8ce6cd16d0c62eecd581140bd83a9d307aa8b8e28e081ef1f883e83db78b78de85caa82301e81e4176a6d54ccd8a1d296bda613488be4ff5cbadc8a6b90b

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
137KB

MD5
3be508ba5de8b632e1d91a20d2a04a20

SHA1
e6f56d89648b5fa46c7bb182f6c8c9ef3211ae2c

SHA256
9d387f1a88610ad8fbd9521f5a35fc71b03e6a531c740196b545ac6da38be2df

SHA512
d295fc82376e3e6ac2d47aee7fee3b83f0888b59dfb7edaeb1cc833614de4fa224bafa4f00c0f5791aae3dae391ed7de7cc418025d9f1721581e20c1009fc026

Download Submit
memory/2932-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2932-212-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads