5199856c8d4fd71a6bc76144bb1edc03bc67ac0b0f972f4a28bd68ff836991d1

Analysis

max time kernel
153s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 18:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

051f49140296635964ac50355160c360_NeikiAnalytics.exe
Size

73KB
MD5

051f49140296635964ac50355160c360
SHA1

24e3053339f3c0ceb80d6501a4e044b574c9d5e9
SHA256

5199856c8d4fd71a6bc76144bb1edc03bc67ac0b0f972f4a28bd68ff836991d1
SHA512

b265f2e1f2922a41de8e346d99aaa00d6f6e7af0760c2975fc47f07f87e21789a2d045ae47f64ce5aced5b9e7ce3ba0dd2eaf9b58b5b90dd7eedd0e104770a9a
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJA:W7Z9pApQESOHepOHe8G+6E65TGA3vxm

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1179) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.FileSystem.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Ping.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.RegularExpressions.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Input.Manipulations.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-interlocked-l1-1-0.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\DenySync.midi.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Serialization.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\System.Windows.Forms.Primitives.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationProvider.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\coreclr.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Parallel.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-heap-l1-1-0.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-0.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorlib.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.HttpListener.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Algorithms.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\Microsoft.VisualBasic.Forms.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.Extensions.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework-SystemCore.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\PresentationFramework.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Input.Manipulations.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Controls.Ribbon.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordaccore.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ValueTuple.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\WindowsBase.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Ping.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsFormsIntegration.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.AeroLite.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Http.Json.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Primitives.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemData.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationTypes.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Xaml.resources.dll.tmp	051f49140296635964ac50355160c360_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\051f49140296635964ac50355160c360_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\051f49140296635964ac50355160c360_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5244 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:4824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
74KB

MD5
dc371201ae67d55e941c41b67fc51436

SHA1
8dc98f7984fa3934d7c0548dde0c3c98b1aa434a

SHA256
3554bdfac784ec6afd1bd14545e3483da509988fbeb6d6848061abf9f5d731ed

SHA512
c55d41d2bbe3b9cae69826a0594bcb098cfc1cb55f70d930081017268df1071b0bdca5af1c83131b2baf2778da33fe4d9d6bb2ac70ff5e33e6286ee8b8d8c874

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
73KB

MD5
8a79abec12309cd79fdb4a3a1233bd80

SHA1
aefeb4498f4c7dab38004dfbf9628e9ab0b9f405

SHA256
3cb09afdcdf9e385025af95c013f389e435a27b3f9cbdf64aef0da32cb822d8a

SHA512
18162e90e42c379ccc8764b76e11943ccd44b4c3e26055207dbab051320eb3b58cddd612a4c343bb5de2977d6a59ebf0c7aa6ad382529c088448083bec61373b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads