5a8419e348ba08d04e5deac98f695cddeb0ab8efe4457ad2c562d892fbb93af8

Analysis

max time kernel
151s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
Size

101KB
MD5

57ffa2460011a7732224f34aacf9081c
SHA1

a0ec6457e3e5c14891b3a67bd5de78aef60655e6
SHA256

5a8419e348ba08d04e5deac98f695cddeb0ab8efe4457ad2c562d892fbb93af8
SHA512

2e0a8745021684059f54dd8ef5a64f2235fe23b79a26f592ddc99383e39c9e6dffa67862f460ea753e944e60d324317a004b5340548fb41453d7b329fad78452
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOfFpsJOfFpsJagr:RqKvb0CYJ973e+eKZ6gr

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (364) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.CSharp.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-memory-l1-1-0.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-private-l1-1-0.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-synch-l1-2-0.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-0.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\57ffa2460011a7732224f34aacf9081c_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:3516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
101KB

MD5
009cf7ab9fa5383dc2d81e57302ce634

SHA1
b7917c922e975d6e66e2d1f4f7748c17034eb976

SHA256
7150537870472cda43947e914751ef349b764f613c32bb71c6cd43e901b123dd

SHA512
2350c464e49dbfaf2ff8809dc657555859b8b3d5b9e85f27b175602942a2125a7a1d9584f308003482c37aac287fa103833f72623330d6f26ffb1294982df936

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
101KB

MD5
1f43bd9371413fc5cb8a1ea0b5f04d2e

SHA1
779c6629328ec8357809a9286df037971cbfae43

SHA256
ba4119cf40dfe94560af3fa1d29c765942ae24c6e4d464cef90976ee055a114c

SHA512
ae3918579541b189a2391f2758899cacd3589a3f93b0ee59560112185f6fa49c1a6d933899143ef539359692ccac7a78d26caeb48da9d7e734db4811c0b9049b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads