58ebab927d342978e67cf1c86385f280a4a6366300658d8434cbfce0f77ceba9

General

Target

0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
Size

52KB
MD5

0a6880aa002fdd4771fe569bb290cab0
SHA1

46c98803bc8ccaefea915bffb9c5303733b1a757
SHA256

58ebab927d342978e67cf1c86385f280a4a6366300658d8434cbfce0f77ceba9
SHA512

1f230439efaad4b70866e079072e6217e9df11e32bf3b36c3bd4772de616439608459ee9d07bef2953298e3849587d4a2dac09045e3efb2985c8ce94ada2e5a0
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nU:W7ZNLpApCZrt8PWGoPWGANdNU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1140) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ValueTuple.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationCore.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationCore.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Concurrent.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\coreclr.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\WindowsBase.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationTypes.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\WindowsBase.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Forms.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.Design.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.StackTrace.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\PresentationCore.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Primitives.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\WindowsFormsIntegration.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-synch-l1-2-0.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Primitives.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Writer.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.CompilerServices.Unsafe.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Xaml.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.Design.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.AccessControl.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\WindowsBase.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-process-l1-1-0.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\hostpolicy.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.Local.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Xaml.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.WindowsDesktop.App.deps.json.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationCore.resources.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.MemoryMappedFiles.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.CodePages.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Controls.Ribbon.dll.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0a6880aa002fdd4771fe569bb290cab0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3748 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:4424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
52KB

MD5
12d0b551b59664c180863517532bf9ec

SHA1
0248d026538e6b39fa3b22881d9954933f7e5c00

SHA256
be0d9e3d9dd9b70c5a9238a36d3251fcc64170516dca568ecaa5c92a847dc6e1

SHA512
28c3ba4b983762575b88fdd5aa5afa605ca2351cb2cb18f3ac79ae3741fd353779b748d5f2b41e6306c0af36f33d7c291982039eaa6ad8bcf2438d789e5cb57b

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
52KB

MD5
3ce1c66a5100068727391183dbdf5560

SHA1
c35794629db5fa5887a38d2ada32fce18950cc13

SHA256
0d7b0c2f301bb23150648daeb80a70b5cca858ba814757a12260fb43b0c2332b

SHA512
b73ef15738c4083e4cacb890cd8ff4990bd0ec3633dbb3b024326be2ff9311bdf26c1f05a6e4d507da3648d8d66d41bdf7b5ec07a9663588cc235bdfa08f255c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads