4da3b705a1ab47138b1e98ea07a3c7cae55bc98abf97d59b3a135b5500123a5f

Analysis

max time kernel
9s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 09:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
Size

91KB
MD5

4e85b255f1121f1903b45ffc0c9fe960
SHA1

67cd962e36af630001ca4e89d175d456eb946e68
SHA256

4da3b705a1ab47138b1e98ea07a3c7cae55bc98abf97d59b3a135b5500123a5f
SHA512

11096734bc0c39800b0bad0f41b2dae2fc50a736c34d599b3c97bd471c0deee49c44d9d67b5e2af6331f3ec1b4562b963c090b6f0378379105c2adbb8ab0d316
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/ejJZJ7r7raRHBRHn:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0zK5

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (225) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\BlockRepair.tiff.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4e85b255f1121f1903b45ffc0c9fe960_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

Filesize
91KB

MD5
08e57035fdf57f7dc0c1c63212e7494f

SHA1
25f34241de5ee5c71a2a2b5ecdd3306a9c2a714e

SHA256
105f194af9a0e690fbdd05ba3afee9a32d40c229633f39c959139a3cdf04756d

SHA512
2b7c2b2864a6bd48f8149fc3b458c737202bc9ef4d3a3c6c2554488a44f0720a9142ad09138f139fe26ba99381d5bc436fd9ecd106805851b9584097336b49ac

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
190KB

MD5
be292a9c1f27b5e021a099d8672d090b

SHA1
cce7fec4bba8d9b20dba7d67588747909014fa8a

SHA256
1b5a19b2203f37d6a65af9a19c690a83d0845429e5a73a8fd6f9b68b6ee8b5ac

SHA512
820dce72d3f98f3b93e608d6314ad866fa16de47c98ce291da4f591656228bae8ecde9b1e789b053ec13462d8b406e8a7f015bbebbe1a3ab58dab0c6085e7210

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads