ab7d558a4580150888e80156f10eb1dedc4b03fd29ba8521e9ef935ba9142e1a

General

Target

5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
Size

83KB
MD5

5270e9ba63dcba148ec89522ac122720
SHA1

0f27bde6cf7fb57b63fa6c2126d2e7ad2a0b6aea
SHA256

ab7d558a4580150888e80156f10eb1dedc4b03fd29ba8521e9ef935ba9142e1a
SHA512

357fb7a9cec321233f93c2895ebea868251c5f99e1d5b8336c7a73c5924fcb7433797ec3c50d569b09a02f489960455e32709dc2d37c6f19b68fc7a325b0e89f
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhd:6pWpUFpEhLfyBtPf50FWkFpPDze/qFss

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1209) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceProcess.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\WindowsBase.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\PresentationCore.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-handle-l1-1-0.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebSockets.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Xaml.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationUI.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Primitives.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationClientSideProviders.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Forms.Design.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\WindowsFormsIntegration.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\WindowsFormsIntegration.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-timezone-l1-1-0.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Security.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-time-l1-1-0.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Queryable.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Handles.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\ReachFramework.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-localization-l1-2-0.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-convert-l1-1-0.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.DiaSymReader.Native.amd64.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Formats.Tar.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\PresentationCore.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationTypes.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Parallel.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsFormsIntegration.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorlib.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\PresentationFramework.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemXmlLinq.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\ReachFramework.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.TextWriterTraceListener.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Numerics.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.EventLog.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\UIAutomationProvider.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-private-l1-1-0.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.IsolatedStorage.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.AccessControl.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscorrc.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Formatters.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Drawing.Primitives.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.ReaderWriter.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\PresentationUI.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\PresentationUI.resources.dll.tmp	5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5270e9ba63dcba148ec89522ac122720_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4148 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
84KB

MD5
68d1114b000153f1ddcfe1a50c5df80d

SHA1
c02e56102c84626b8e3a5c0af1ae882f34254ff1

SHA256
edac45ac44f6040e3e0026c2d56b0e8d4216e92b88ee03ef9bcb4e818a9c29df

SHA512
b05af60aef654ea8a2d3f287e4cafa40de86cdcc059058211abddb2b856c4fdd4c274700884b1eec6dbcd25cf1303e71d8a9b540cf313cf95adc91cf7ad2a96b

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
83KB

MD5
19ab837fb8d4bbcbb14b7579273d0a48

SHA1
af208d8dcf8b1ffc969d7486a4d7140fa43d2356

SHA256
a8074813a50a79ace4e8c4af8b9035968583818ba8d4e4b14376eb5b468f8e71

SHA512
6e8e89e3b3086939a5f38273864c817949382ca17485216f745333871a6de71d7167be774227b15475af06bf3a12db592f58b62be5e289d7d55233c64fd46c97

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads