ce12f52b95e049b6c1c56308acf2d0b509f9619a87606a45b02139abe203447c

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 16:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
Size

111KB
MD5

2aba2eed615d92ec14b927145de88110
SHA1

a0cc406016b13f4a48dc66af3c08009b97e1d5cd
SHA256

ce12f52b95e049b6c1c56308acf2d0b509f9619a87606a45b02139abe203447c
SHA512

a862f652ad92351795b75e41f2028d517fd14ddc24bb5496c5ff0104623196cabfc9888ec4fc3b1abab5921cd241fb790bb8f881069d853938a8596405d06938
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5KcMcoYJIJDYJIJ1wz1JNFHH1JNFHeX2yYa:W7ZQpApjIKTie+e3wBJ/HVJ/HeXX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (639) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordaccore.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\hostpolicy.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.UnmanagedMemoryStream.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Http.Json.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Primitives.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Csp.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Security.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\DisableAdd.sys.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.EventBasedAsync.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Configuration.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.ILGeneration.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.DataAnnotations.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Concurrent.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Immutable.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.IsolatedStorage.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.Local.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\msquic.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.Brotli.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.AccessControl.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.Common.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Annotations.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.dll.tmp	2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2aba2eed615d92ec14b927145de88110_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:4316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
111KB

MD5
4437b92164579afc9521809d316cb3ab

SHA1
f5134c18fd5eb110cb64c738813bbd4bf43d0f30

SHA256
1890889ba25df8d9d618c2fbf02b120e0361933c771b95b136212bd19d237a86

SHA512
fff0c213f42b14927341ee04ed7b9fe81bfd49277595be3057d8834320f9ce9dbf91d1c267f03ff326a5ce60442aabb790b4b909248913ee496694e1f7367e50

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
111KB

MD5
f130c0b2778686856131a25781e8d933

SHA1
86aec1ff0668fad5028818af3639e90902e84ea1

SHA256
89e0c6e33097dea3074e5f5ab63f7c08b9437a9840fcec43c00232c52b88d93e

SHA512
559e0e5eaa7ac4540e31c6a0ddbec295fe4429e7bc40985a278abaea7e63089319a076139a8e2b3823282c047a1e94fc79f048ad3882c2d54efef2d9eb47dbd4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads