f283012c795616f30b39f23033160856dd7e7379b6cbcef3d6405bf9e8132208

General

Target

5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
Size

92KB
MD5

5cc787c18dafdbd689b3d1320ffdbcd0
SHA1

fec69fa7d33b5ff77f7a817b53d98edf552bda74
SHA256

f283012c795616f30b39f23033160856dd7e7379b6cbcef3d6405bf9e8132208
SHA512

8d6b9aeb2b899cbddba63fe9053970d33910840256d285680f094b4fc43e06f7b15d48b7fbcbb53bdd3bf68ae5426eec1f1a77a4428118bfbc21a6457cf4e1db
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/6lD3q5qr+twN4R+twN4f:6e7WpMaxeb0CYJ97lEYNR73e+eKZaDam

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Xaml.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationUI.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Globalization.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Mail.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Design.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\ReachFramework.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\DisconnectSend.asp.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationFramework.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.Local.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Mail.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Parallel.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Tracing.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Xaml.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Windows.Input.Manipulations.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Diagnostics.EventLog.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Web.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\PresentationFramework.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-localization-l1-2-0.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Formatters.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-1-0.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.Primitives.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Input.Manipulations.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Input.Manipulations.resources.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\ucrtbase.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Immutable.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Formats.Tar.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.Brotli.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.Extensions.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorrc.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Web.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.Brotli.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Reader.dll.tmp	5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5cc787c18dafdbd689b3d1320ffdbcd0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2756 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
93KB

MD5
a9d305f8d39cd186eda8c9b05862f1c3

SHA1
ff21f43153bda4444fc3abf7673b7ec3984a36f5

SHA256
52589a45288a08334fb19871b60b58f308f8dbfeb325c4f37a1895500a1ce234

SHA512
208707689f5a39c51ec8c8501fcdf42d2897b6b0dc66e2b77069eab8abbb840f8590f278b5cd97790dd8f84f1769fe3e9dbcf61c9157738765335131082a3e26

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
92KB

MD5
31d934e037719fd36c3f624ef14af6de

SHA1
c619a8588efd80a1643fb60d01f33c29a4c49763

SHA256
c84704803503c66ab9c608dc9cba6892bf0db6d06f687190a88fa3816f56cd5d

SHA512
d20d998898bbf9542c750b843254063b7bebdd226eadb1cab53501d8a3a2bf65ff5b416398956ca9e229c62a9b7829d4093aff5ce6b5cec0413e60f3f71f62f4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads