b61a13d665c7b726649c2b851161bdcb7c0983c37959f7e6c09445bbaaf1977e

General

Target

2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
Size

80KB
MD5

2e0404d290ccb98c6c001adc52eba690
SHA1

0b91300d46b327b7e3b07f767f14a87f07c9833e
SHA256

b61a13d665c7b726649c2b851161bdcb7c0983c37959f7e6c09445bbaaf1977e
SHA512

9e2fdd25da66537b692a0a92a32737250fd9e6f60f9013c24dbdc8ed837fc860069b36054288e7415ccb30e283a8bfff0f9f41f9369a095c66930eaf7f166db5
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaRRpi1xnRpi1xOYJIJDYJIJMFhWFhCmDpBIjsZORReS:W7ZDpApYbWj2WTWJe+e/qXjBJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1722) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\msquic.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Csp.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.ILGeneration.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\deploy.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.Primitives.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationFramework.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.Primitives.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\System.Windows.Forms.Design.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Requests.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Forms.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationUI.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Forms.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.AccessControl.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.CompilerServices.Unsafe.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PenImc_cor3.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Windows.Input.Manipulations.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationClient.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.CoreLib.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Serialization.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Security.Cryptography.ProtectedData.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\DismountConvert.tif.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\dbgshim.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Encoding.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Xaml.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jar.exe.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Primitives.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\PresentationFramework.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationProvider.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Extensions.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\WindowsFormsIntegration.resources.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Queryable.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.InteropServices.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp	2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2e0404d290ccb98c6c001adc52eba690_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3960 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:4696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
80KB

MD5
691d3c794a36659b8c38b74e5a779e6e

SHA1
e55bd26a6bc4f77e3c08ec3d0d9fb1d8097f0c3d

SHA256
b9f2a935fc1d510ab8cea3c4218f9e0ab75b6856521d75f01462daf08685dccb

SHA512
da08f6806dba304eab6c484ea53b1c4f77b8be86d7ef1668499a18d8a339d3f6cca06915894ebc83142a898b8351fe6381ba755cc2cb788f87cc0b074f34e056

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
80KB

MD5
6ce6acf0d2659450261355a2a3d216b9

SHA1
dd8b40985d8885714573a28d09e2d60d64b7870f

SHA256
c0739deb3668b2f259d4164cb76dff142c3d0567b358c8eba1f88ceb5bd8994d

SHA512
d89b012c372c21d0c51a01b39da55132fb812a87945348e03c340684c7d0d518e72979004d5aefcd81d47c52886f4f3198b648568b386b126577a5feb97ee37d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads