fd52cc691f77bf34b1f82775d6fe2824d552a60e31bd1dbabc4380c506e5b3a8

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
Size

92KB
MD5

552ca5018553b17fcb2433b97be36400
SHA1

6091f7d0a0f7d90b77a299e54d73cfba13bf0797
SHA256

fd52cc691f77bf34b1f82775d6fe2824d552a60e31bd1dbabc4380c506e5b3a8
SHA512

66b072a0ce5bca0a6d25bbb1e6504b567ca60a34d0cbeb11bb85983e97adf46027cb86fb5371f852140479261fcb1269c3b100760cd77edd96c99fa1b515a505
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0Kj:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0Kj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1644) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Claims.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Windows.Input.Manipulations.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.DispatchProxy.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.CompilerServices.Unsafe.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\PresentationFramework.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\HideConnect.zip.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\DenySync.midi.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Mail.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\PresentationCore.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Configuration.ConfigurationManager.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Reader.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework-SystemDrawing.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.ZipFile.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Extensions.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\UIAutomationProvider.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.Client.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.NETCore.App.runtimeconfig.json.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Requests.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Loader.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\PresentationCore.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-handle-l1-1-0.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationUI.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationClient.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Immutable.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Contracts.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Expressions.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Timer.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\ReachFramework.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationClientSideProviders.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Concurrent.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Primitives.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.UnmanagedMemoryStream.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Xaml.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationClient.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationProvider.resources.dll.tmp	552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\552ca5018553b17fcb2433b97be36400_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:3840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
93KB

MD5
6490d4387012822fca17368b43c6bf5e

SHA1
326057db56f49fc7974ede7f2fdbe9e91baaf015

SHA256
6da4e829ca5a7ed5c793e48061588a84f48c9b576c9804a7bf7f6ce72eb68edf

SHA512
c4466e4cd5c52bcaac14a2d5da7d10556766befd79839fef860c4fd6533a1c1d12c6bc0e3d3668edfac602fb20950e5c38c7e94e33b1542a72f48441e210504e

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
92KB

MD5
3e15871ce9df7c0f2285650f6bbc9613

SHA1
40c80075dd53613ccb510bc34d4dd9fb09972495

SHA256
536419c045e85f5691b03959025bca3e50404ff8390d20e359ecd7efc223ff4f

SHA512
d054d3d8444b6c52a261a81f9e6b3d2bce49a5b38acf4b812438ad3f170e23fead0cb6ae4dd0c0fa44cffe1f137b25811fc12676bc1990579592e3db489705c0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads