d77f2b460b5d0c92e0366651f7bd048437bb2a39a08f73a4adbb67ee6e11b46f

Analysis

max time kernel
15s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/06/2024, 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
Size

84KB
MD5

31c43f1398ae7d922c60acc219364a70
SHA1

ee6e55f391936eac6950c1b779bdc6d96956d9f4
SHA256

d77f2b460b5d0c92e0366651f7bd048437bb2a39a08f73a4adbb67ee6e11b46f
SHA512

057b93fe4912ed4331cf6945eecbd0f6e5b664019341b602345ccc8815fe0ed82b00826999edf3d0f18b383fadbc752e087985ca68d0e6d50f14d91c19d39779
SSDEEP

1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/82:6DWpwE7oL2e+efZwZ08i82

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (223) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\AssertRename.ttf.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\31c43f1398ae7d922c60acc219364a70_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp

Filesize
84KB

MD5
8cd237c35448cf9b66e5be267e88f2cb

SHA1
f7b234b5daa37305afe599f15db72d38112c9626

SHA256
28f3573fef2dbafbecab5a3e96b3f585a3aad8e13149a9bc307a9c84b4c36dff

SHA512
b185a6a3f8789e42f2937ea73d31eb8b4dff38fe50a1af7090a98f4d0ea317838fc2c3370c0649b4e461e1b9dcd058eb366aead0540e81c161e6d19781f75011

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
183KB

MD5
576fc1db20120806ebd0ad6355e953e4

SHA1
d9e2e76a4e52743d6993caef71852ee16dd44864

SHA256
c02a18e98cb14ab7d98ae94e0a8cde94c2becfe21f6702af0f46df711f787f65

SHA512
2eb96e8a2015061964f98dcaca3831863b7fbc59be96f7ee801c469edc90f0a1cca73472f73c23f3f99ba706df0a53b8dabeac14d13130ed66e3c9a9cc6ae19d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads