33c4ed9ec950a719d1add7dc6d7cdf12d191bd2e08fdb7c595642fa2e70d0206

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
Size

69KB
MD5

7669a3a87f4193b0a11af6383dc871d0
SHA1

bd6f1489def9b51af6c1ac4f830221ef3ca4b8cd
SHA256

33c4ed9ec950a719d1add7dc6d7cdf12d191bd2e08fdb7c595642fa2e70d0206
SHA512

9643188c09d9fb18151db4748e5e6be1c4f154c5c5cce3362d0df0d7c633e38f52ea353a61a1e1e731a8011851d785174f60e235990109fa7c5f1cc080fa3d50
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhd:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsQ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1725) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.OpenSsl.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\PresentationFramework.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.Win32.SystemEvents.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationClientSideProviders.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordaccore.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Drawing.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Memory.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Windows.Forms.Primitives.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XPath.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\ReachFramework.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Web.HttpUtility.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Ping.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.Design.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\ReachFramework.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-conio-l1-1-0.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsBase.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Contracts.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Aero.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationCore.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\UIAutomationTypes.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Console.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Requests.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationUI.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\System.Windows.Input.Manipulations.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Forms.Primitives.resources.dll.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7669a3a87f4193b0a11af6383dc871d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3044 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:4420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
69KB

MD5
3989283581ac1e734d37ad833d118285

SHA1
5fcaf09f1f6abb8de4b005d636f22a6fd9bdce19

SHA256
dd57453f030c69cb0535721f04c9b48b4068a8f4d1e2318463e25384d67bc497

SHA512
629f1b12fd638d4df44e06b0cfec4b607a2ddaf1e5c6c6377301013c4dde7863427f06f9f50920291f44333e204c214a7ee20bcaba04ab868909a26ddf8fe3e1

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
69KB

MD5
a02537c954a3f08821df11239a315130

SHA1
e8cf3eee2270aff32c343431d75209ddaf42d2f4

SHA256
81f253f923dcc469e6838d8f704500a1d6e8c75e267d2d51a85e92065f21cfb7

SHA512
13f35b97b3dc253edd9349306fad47b163d5e245a6b58bafdc709e931c3eff412793e05532297f266ca8cbb0d6211ea07cedc91e946c87f23bc515d79ca5ea89

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads