4dc8e18aeacc258136c03c1abdaee977dff5f4a939479ef9d3b2ef7239bca4ce

Analysis

max time kernel
22s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
Size

97KB
MD5

11ba9a35116e925a4ddb047ebe61dad0
SHA1

1f0cfb06f9046bab00daff2cfbd4385e0d5203e6
SHA256

4dc8e18aeacc258136c03c1abdaee977dff5f4a939479ef9d3b2ef7239bca4ce
SHA512

e9f776523d3f8c5858d1944eecb43ee93eee96655c2f20ef2ed6ebb390f83bb0ce473bab405c4fde34c04576598415d836b6e3e30fb371d8d559f3031136388e
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/DMS:6e7WpMaxeb0CYJ97lEYNR73e+eKZj

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (610) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Native.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Sockets.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Serialization.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tools.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encodings.Web.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-1.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\netstandard.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Algorithms.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\11ba9a35116e925a4ddb047ebe61dad0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

Filesize
97KB

MD5
0ae7ae49ea09fa4aa61dd3909c228e13

SHA1
4911ac9822d85d3919e2fe3a980ff8aa6f70480d

SHA256
e34c508f1742cce54d7cd374d39ea055354ccd2a8eb893f295382acc0fe45555

SHA512
1b5fee929e4cd73fdf4ba8197d1b9344e758b890e923deaaa6cfa65527ee926f561c84b20bef70693d6c1c3876b06ceb7d585110670f2335e58fbdd6f1d3882a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
196KB

MD5
9dd88b9742431052e4fbeccb2c9d6a3a

SHA1
db4754bd90e9e40bde0e702ab704a82cba4bd16c

SHA256
979169be99b7771d29c9cc528baa1ea53212734c8f2217ac000299e661671665

SHA512
05c6f80c1ece3d213d7803238ccf31f35950c451eea26fead8f597256a089d488ab59104d8caee2b96c339c4b271b97cfd31fe93df2578ad80ee4f1d2cddfd03

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads