810a65bce10ad2031044a0177eac78c1b588b1d3054ac56313201b5807f8f7a9

General

Target

42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
Size

80KB
MD5

42445076ff107343284cdb166aae4ec0
SHA1

8dcd465f0f5de8e5a03a6692b401b8067212f2f3
SHA256

810a65bce10ad2031044a0177eac78c1b588b1d3054ac56313201b5807f8f7a9
SHA512

9edb8b6e5bc92f1b85021debaeb92b0b9992660558a7640cf800801090156f0eb0bbe217b82dfd836c8df469fad44c4eaeabc84e21226392e8a61f3cc50210aa
SSDEEP

192:tACUADIY0Br5xjL/FAgAQmP1oynLb22v29HWvHWY7GG7Gl+1coHj5f41coHj5fYf:GBt7Br5xjL9AgA71FbhvoBlCJAJYii

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (924) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-debug-l1-1-0.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TextWriterTraceListener.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Primitives.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Drawing.Primitives.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Extensions.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\ReachFramework.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Writer.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.IsolatedStorage.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Cng.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.Xml.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Metadata.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Primitives.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.Common.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clretwrc.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.NameResolution.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Design.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Uri.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationFramework.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Luna.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Console.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Forms.Design.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Printing.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.Win32.Registry.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-conio-l1-1-0.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.PerformanceCounter.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationProvider.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationTypes.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\createdump.exe.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.FileVersionInfo.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationUI.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.DiagnosticSource.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Forms.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Expressions.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationClientSideProviders.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Xaml.resources.dll.tmp	42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\42445076ff107343284cdb166aae4ec0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3984 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
81KB

MD5
c650b6ccaebdd1528e74c8ce1cab5b8c

SHA1
f6b8dcbc7a1885ca5ac409d0df080c3b1e9b5614

SHA256
230710ffc41654392addbabb935bf9509b89ef2b8ee4bfb9b3a998ff82585d49

SHA512
b6884cff8503988e6c1deaecff499191af9deb601475273f6f646eae6db1effdfb816ef3ee04f37b696be783f64fb453d0ce706db2f0eebd1f1ad581656924ed

Download Submit
C:\libsmartscreen.dll.exe

Filesize
80KB

MD5
72dac6a93ae1a93cb7a6a9d448d7575a

SHA1
c9bbd8703b071cd0b149256cb7b1d3bc771ccdc7

SHA256
2be366bac86d25f715c8d221e576538795015f970adc2abb7cfc58679868b40c

SHA512
dc91b0a3962b86feb736d5c9ae946ab78b7c9ee63c10a4a0c149bc4d33c761cb6b017748f7f11497b98e76a326fecf24b0ffe033427e10623215665b3154e046

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads