a4defaf0232cab207adf359ca5309a5505f3dd88b218da66559d615caf5e6a47

Analysis

max time kernel
151s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 18:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
Size

77KB
MD5

149446ebeaccfcbe20453829592f4b30
SHA1

72f923bb061d756400a4b9cf19fbcc5f3561211a
SHA256

a4defaf0232cab207adf359ca5309a5505f3dd88b218da66559d615caf5e6a47
SHA512

d2999a99d3811f327196aec3230ae469eab22d6c4bb859a28a87a01244416d5e9bcf7a519dc6d0ddcf24da5d15ad4f3ab2d5c6e8ca305efa37c9c8a325584338
SSDEEP

768:W7BlpDpARFbhYQkQjjI6OvSox/6Sox/hotyuftxtjYJIJDYJIJX66FlB9T:W7ZDpApYbWjIlE77ufL2e+e16alb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (373) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.VisualBasic.Core.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-profile-l1-1-0.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\149446ebeaccfcbe20453829592f4b30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3748 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:1916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
77KB

MD5
dc7350f8e433899105ce0d07e4e43240

SHA1
cd1d9d7c0995ebe4d134f6e59381844c1e53fb63

SHA256
de217ef35c0f7e2ecc2df164300359226b5f37f37604c22eca4daabf7884616a

SHA512
1f0af12ab7af4acf3e2bec94ea22ff374e2af22ae4454cba8b695a458a742bb9a3fa5a172ef42fa5425c342d4837521dc72fb80926b1b2f5172a19e3b0ee8281

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
77KB

MD5
0ca4e20442e93cd60009fd87fe9653ef

SHA1
3022eb1ee3ec5579e4cf6d6009261e693decae70

SHA256
97e4c2184d7b01894e4c28314ecac48ff07de4adcdcf29945c48db4807ebe4a8

SHA512
8069969fd02fb27c1df4badfe3dd3963e12593ac005efaba2e3eef1fd955dc828946766944e49a7f597ed40a02bef59f8c712c50453b7389bba77961f74feb5f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads