ffa4fe0fd33d0ddb12fe44b05297dc2ad09bed0cb48d4e6eee73eb999454273d

Analysis

max time kernel
157s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
Size

129KB
MD5

5aa09d625a9a578d2cbf133637a8e7a0
SHA1

2445e71855ca3cb86156e15adc5e3fff40398765
SHA256

ffa4fe0fd33d0ddb12fe44b05297dc2ad09bed0cb48d4e6eee73eb999454273d
SHA512

1905d71b0f313e34be0e487d97540026eba063e52600be9219e4631e0f92a25296e253d693a52cb6f634a35a221db809220f35178842d7b1a5a9cbee566b73cc
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBO4:/7ZQpApUsKiXBvzwvzXJvlwJvli

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (858) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.OpenSsl.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\WindowsFormsIntegration.resources.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Http.Json.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-private-l1-1-0.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.TypeConverter.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\WindowsBase.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.HttpListener.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Xml.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Drawing.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationTypes.resources.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Mail.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-time-l1-1-0.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.NonGeneric.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.CodePages.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Watcher.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.Design.resources.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.NETCore.App.runtimeconfig.json.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Http.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-runtime-l1-1-0.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.Common.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Expressions.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Forms.Primitives.resources.dll.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5aa09d625a9a578d2cbf133637a8e7a0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3944 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:1476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
129KB

MD5
f5b6990900054ba774b94236212d83c9

SHA1
6e2bb44c640dda8bbce6e754724310f6f71c74c2

SHA256
36043f29657276c6ba0f8a5e841fbfbba7dd7a2dc325ad47828d59e8a37ddf58

SHA512
3f7d277a0692a04f85ccf3ed3e73c772102c7b81b201d3423ddd472236e6f099f299d4ec7bc23a33e19280b658aca102b9fd62bf78276d60a16b6a1bf2cd3805

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
129KB

MD5
15374b9d0f6f47903eba6a6d3998552f

SHA1
1383af54474d64a2bb0e01fda2fefa5137c17a01

SHA256
90e48c2d7f5e0833196526bf9d6e89da19641659e784b0c0cff185415795f0d1

SHA512
0bdd0f80917bf6c19c7be70977e9d9a1133f73ac3c098905e465b2fa1306b8c345ff001a62a1d56a403d87c30ddcfd3f3370d9931728d52c96452b15b10632e1

Download Submit
memory/4764-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4764-226-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads