c80248212c7dad067dc33a58f519d0b99546ce14bfeefb7e77a51e85de716930

Analysis

max time kernel
154s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 07:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
Size

126KB
MD5

d01ec0d1eb66f3d3377f91d23b4a9b90
SHA1

b093e5691ba27d814e7a3ffb8a8fc4720eb6e222
SHA256

c80248212c7dad067dc33a58f519d0b99546ce14bfeefb7e77a51e85de716930
SHA512

2cc2083cd17d2108040ffd481faff580dc40cdcb023db4bb8129ea997f5ff86d6bae56064f60e955693a9367cecbc86c5ab712d294f84bd2f64bc3a618c25c5d
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz0:RqlIyFESWu0SWuGSwx/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (638) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\dbgshim.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Memory.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebProxy.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.Vectors.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ObjectModel.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Extensions.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.Primitives.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.Local.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.UnmanagedMemoryStream.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.ServicePoint.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.AccessControl.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.CSharp.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebSockets.Client.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.NetworkInformation.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Reader.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.Extensions.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.Client.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.ReaderWriter.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.Common.dll.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d01ec0d1eb66f3d3377f91d23b4a9b90_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3864 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
127KB

MD5
4044be045a6eb0f6021b5f5fd38a0630

SHA1
fd799a649dfc218d818b8e05c3e8911e4b11c0a1

SHA256
1b6bff7ba9412e3231329dfe86f4c9ff3257ecadb45c26e07a091607f522e592

SHA512
07066adadb39609015d021fcaa86527de731507bdaf1c0cb2fb8650b98c8e51c260d1edc38502e26217b47958f323dc718054e2cf074cfb5bbdf5b664677fee5

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
126KB

MD5
a4f137efa143c862ae26b27eb3f00964

SHA1
e4e1efc87a37e7ba2736ca45810719047596f22b

SHA256
25a7446970f3f1c15c6e6c4273e4704ffdd43db0bf5ca907b9b8cc6b885fe82d

SHA512
42367f8ab521c84f57d3d2ba8deed9782a3dbac2b63f0c670564cf8dcc1732b0f564497a79605b43d93a4ddbfe04abd169ae9785b9b570ce12698a53de74c962

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads