56fad23a43f78a9006d644dce571c325f89e15af34c81505753f49310cf67e6d

Analysis

max time kernel
161s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
Size

42KB
MD5

270671e2eee8f7414f365c32ac221d20
SHA1

4711936d41c6920b1535d033d6fc674f83e8971a
SHA256

56fad23a43f78a9006d644dce571c325f89e15af34c81505753f49310cf67e6d
SHA512

413b6d9d6ec4dc2b2658606fd8ff06cd0ddf0e5b4835438e177bdfab6ae28d69967d744e24ef291bde58403a7b04786e077f4765ce15bd0411b8dade5aa86a51
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGBJ0CJ0k:W7ZNLpApCZrt8PWGoPWGBJ0CJ0k

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (463) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Buffers.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.DataContractSerialization.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.Lightweight.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.Annotations.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Extensions.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-handle-l1-1-0.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.CoreLib.dll.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\270671e2eee8f7414f365c32ac221d20_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3940 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:3148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
43KB

MD5
8f01c3ba223c8aa530fde86f3237fee3

SHA1
ff5f67fcf151a7db61b83e9368af4f4ec194707a

SHA256
084306674602ed3751f3aa76357af713841797923cd880ddc2c33289ea9fe60c

SHA512
17198d67afd8a6de1b819aa150cd09bd75eb004d240666a995f8dd90165714f9e565313fa65a010fcd00f681d0661699d417e8568ff836f954a190ef86755c57

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
42KB

MD5
d2dd0c473a666f427c340ec2894180b2

SHA1
7b3d46b86f0f9888001cadcef89e60c7493e67d6

SHA256
95bc7e09edb5ac0f61fbbf335a679c8014bc2435087c3a012d9dffbd8df0f0fb

SHA512
449b4d63e4b5cf7a6084e011e648768b9cfeb545cd5573eb9b616df54a0542c7a406d7e6b6f9fd6df0c52b178480710f791098b81b57b698098c2bcb0b24be3a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads