99fd1ffe53144e59510fb596609235d7b4313cce405db4b095ec81a2886cd5e7

Analysis

max time kernel
151s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 16:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
Size

32KB
MD5

9e0934dfaaa83d63c36dc15cdab90e30
SHA1

0b982307038216e1c9e032310a88017921963704
SHA256

99fd1ffe53144e59510fb596609235d7b4313cce405db4b095ec81a2886cd5e7
SHA512

1c7219042f4957a530bbb877c0256a2ae9b65e9d8909a7479c0c3723f0336bc8aac4ee1fb71288ddb3356f249ca8743f0dba11e3c5a2b3fb53be729a56c42b55
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNQFyimPimy:W7BlpppARFbhHFp9Z

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1173) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.ResourceManager.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Drawing.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\PresentationCore.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.StackTrace.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Web.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clrjit.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Web.HttpUtility.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationCore.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Xaml.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\WindowsFormsIntegration.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Http.Json.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Xaml.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationClientSideProviders.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\WindowsBase.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\hostpolicy.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.UnmanagedMemoryStream.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationUI.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\clretwrc.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationTypes.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Writer.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TextWriterTraceListener.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Timer.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsFormsIntegration.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Forms.Design.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Configuration.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Process.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.Brotli.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-locale-l1-1-0.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Transactions.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Xaml.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationTypes.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Forms.resources.dll.tmp	9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9e0934dfaaa83d63c36dc15cdab90e30_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
1⤵
PID:4604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
32KB

MD5
3f58715d0c650c96aa89fa213f29ebf4

SHA1
70ecea57168714dbe0fdcb3905289531ac993c87

SHA256
83d9437ae8e64a495144374f8941c3ed2398ed6e596c2ec01f5df05b0015ab4d

SHA512
f95c712ebee9b428b3bf60c47655da20f021883722575d04eb5d687450c9d0001802eb07f84c4c9697d0c6839cf2bd14b4ca8f5bb176a6ce49854a492caa7355

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
32KB

MD5
d6e32d81f2ae48385a640082acc8d0b2

SHA1
9805516f0e41d3e0e1c7d9bd9266f754f63e1fe9

SHA256
0a4fba7198646ca876565fa1f3cd8fe425204b9f368527f1f445d99f6240f4a6

SHA512
abe32641862ad952093a1c4e54676132849038c8be493de7c4c4008244a15362e5d9d476ff9743b1c728be48aa1e8afba4a91b44645d8c35b1b6a773f1e7802f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads