adea14beab1e408fff17ec1f4b072b393d097bd42fd9cadb6294947165afccaf

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
Size

96KB
MD5

b270d4e177a4eee307bca1b0cc401120
SHA1

906c262dc44148aa1979ad95a4bf697526c700b7
SHA256

adea14beab1e408fff17ec1f4b072b393d097bd42fd9cadb6294947165afccaf
SHA512

20161ffb327a426238851e2e7d694e105e35a611bd5f173c2f5dd4afca6505720414e02cf92627f5143489bc1c9f59e7532541ed3af163650b407a8dd9927001
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXaU:RqKvb0CYJ973e+eKZ0Vd

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1624) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-heap-l1-1-0.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Requests.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.CompilerServices.Unsafe.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\PresentationUI.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationCore.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.UnmanagedMemoryStream.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.Client.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Primitives.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\ReachFramework.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationCore.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Input.Manipulations.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationTypes.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\dbgshim.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Primitives.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\UIAutomationClient.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Presentation.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\UIAutomationTypes.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.Vectors.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Handles.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Tools.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Forms.Design.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.CoreLib.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationClient.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.ReaderWriter.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clrjit.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationCore.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Xaml.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Primitives.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationClientSideProviders.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\DisconnectClose.zip.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\D3DCompiler_47_cor3.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\PresentationFramework.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Xaml.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\System.Windows.Forms.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.HttpListener.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Input.Manipulations.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp	b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b270d4e177a4eee307bca1b0cc401120_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
96KB

MD5
183cc16fd067e7d3c56c8a03516f9a2e

SHA1
3c0b1d1e5507685e39f69a1cd1f281468093ec05

SHA256
42eed251e493761d50efb83d8147801fe6a39afe6631e3bc7f02d9083df5b7d6

SHA512
557761556d3813293b8f143047ac915cc1879c707cf2b67029e9c7dff0c88557b2166e725c7daf50780459881c239b005b93e4bb5004051ee7e1571df503bfbf

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
96KB

MD5
f4e6987512dd42a8880d74e15d8b77e5

SHA1
6d0e9faa7c327dbab98d09c1d457dfe499e18c5a

SHA256
919cd41738c3653882385b551859f59f9649a9f4c71bfc4d912c84e6210e07e4

SHA512
4a487329a98c0bfb994fde389b265fd0fcb369bcc4c96a11db3851dd07c13ab2f252aaae801e38ee43ed889cbfd2e3793abff6a02765f228dcf5c434a57b1b0c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads