ecba078896a7755a340b3bede496001af57f9baf8679228ebd801a7e4136d45c

Analysis

max time kernel
152s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
Size

95KB
MD5

84cc4e63f1c3a2a34de5bb8233ea7680
SHA1

616262f1d2ebd0ccb9b31b237119b3f844e3d4d7
SHA256

ecba078896a7755a340b3bede496001af57f9baf8679228ebd801a7e4136d45c
SHA512

a9ac7e04f4283afc2f2d914ce3f61bcffb96d42208e6a8ef2136f5e9b2708297b72f60036ee619b5a8098a1f150c2cef087f858e08f2b6e8fe872bc5cbdcbec9
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPNlOmOMymuI:6rWpcOPxPke+e3fFpsJOfFpsJbgEbThj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (980) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationClientSideProviders.resources.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Specialized.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.IsolatedStorage.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.OpenSsl.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Primitives.resources.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Windows.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Forms.Primitives.resources.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-string-l1-1-0.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Web.HttpUtility.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Numerics.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Permissions.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Primitives.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Extensions.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationUI.resources.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ServiceProcess.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\WindowsBase.resources.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordaccore_amd64_amd64_6.0.2523.51912.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.CompilerServices.VisualC.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.Xml.Linq.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.Parallel.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebSockets.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Parallel.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsBase.resources.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-localization-l1-2-0.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-utility-l1-1-0.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Xml.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Web.HttpUtility.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Controls.Ribbon.resources.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsBase.resources.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.dll.tmp	84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\84cc4e63f1c3a2a34de5bb8233ea7680_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:4076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
95KB

MD5
45a64e3e4f41ee3f6d51350d90dfb342

SHA1
23d9b5c545f9a23c2af9f8580e13bd2521390588

SHA256
c9b24b970ecbdc034d792674cbf206f07acb61baeb64c2d801216705c54ac481

SHA512
99946712a5bbdf2c219daba6ff6818615fc14ba439c689f644ae0c5cc827d4d4b723db4fe7f236cba050e6c8ec3342a7d6ce0bbc16d13dbe17ab596fbed5e789

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
95KB

MD5
d338786396d76de9ab01002b0f056f6e

SHA1
5092b80276b987853fd9efe3b60d74a059608c18

SHA256
ee601e9616f67522c11ac48f66bbdf222bc6348421cd605f46b4b7cb86964ed7

SHA512
1008b66508138ce2cde4b64bd5ce0d03ca0929f6a77ac39b2c88542d201e2009886801da3911172e74ed02d7295ebe44e7d474e5f470c57c8cef6c7e12891726

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads