9c0cfddd126caad478c640cac62bfb8b3e56e548ef2ab361c66ad79634bf9955

Analysis

max time kernel
152s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
Size

86KB
MD5

8031918a7a4133fb095fe575de1d1d30
SHA1

ad9238540aaecc2796d28ea7b960a7a584fb4ac9
SHA256

9c0cfddd126caad478c640cac62bfb8b3e56e548ef2ab361c66ad79634bf9955
SHA512

e9e4307f336690faea2964c1b98a11138909311877db2bd97db32f7db7f20c43c028859ca8172a85c6b020d26657b9c8c8885e44ec9545f8192b668b14e0502f
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t2rt303hHUsM:6e7WpP9oVLQthbYY9oVLQthbUrt7t2rz

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (863) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Concurrent.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Handles.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.Forms.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XDocument.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-runtime-l1-1-0.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.VisualBasic.Core.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.StackTrace.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Cng.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Xaml.resources.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.Primitives.resources.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\PresentationUI.resources.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Primitives.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XDocument.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.NameResolution.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.OpenSsl.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XPath.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordaccore_amd64_amd64_6.0.2523.51912.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Requests.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\WindowsFormsIntegration.resources.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Aero2.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Input.Manipulations.resources.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Http.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Input.Manipulations.resources.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8031918a7a4133fb095fe575de1d1d30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:4396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
86KB

MD5
99335745daca4884f371fa53deefc9e2

SHA1
2ae7a977086864c0aa6c81c9a37fd0a977211078

SHA256
0063e97653f5412b46c2e9d47b6e4fd562ddda4e002babeccc671df83f594e57

SHA512
b15d33b09a275970c3e5093a233e345cb3560f6517a7d64d75907c0ce0e6a2fd067c9fd5f03a875a7efb6b3ba9f1ead0da58aeefdd972192556db41ad4ff1413

Download Submit
C:\libsmartscreen.dll.exe

Filesize
86KB

MD5
860fab988baf9907f084ce282982ef33

SHA1
a2d6e546cd268b47cb708ec191a371bc67d176e9

SHA256
202c4b69fac9d871dc9f3883157fa4dd6303d1b8a426c2e56e8ce993f49de601

SHA512
667e452690af335673f87ab000842a25de9636941b0c619d1a9817945395e899df73cd51df98b3a69b3a0951dedbb48ea398e24c3a05b0b208f68791aaf3d0e9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads