4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1

Analysis

max time kernel
153s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
Size

55KB
MD5

e1f257ba1b004d4d60691ea01d41fa80
SHA1

ee431f54a4de225540e24ea6efb15b6b737eddba
SHA256

4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1
SHA512

2602012e3c5fd34889806fa1f47f9be28170123a2b1a6bf5100d87e57d7b28d8774be9e016a3d378e326b10c8f19f20f4e24c270128ed2037c3d2c5803c0af7b
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meD4:/7ZQpApze+eJfFpsJOfFpsJ5D4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (2067) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebHeaderCollection.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\PresentationUI.resources.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.Forms.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Security.Cryptography.Xml.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\UIAutomationTypes.resources.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encodings.Web.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationUI.resources.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\System.Xaml.resources.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebSockets.Client.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\desktop.ini.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.0 (x64).swidtag.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Metadata.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.MemoryMappedFiles.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.Watcher.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre-1.8\bin\kinit.exe.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\ReachFramework.resources.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationClient.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Design.Editors.dll.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.NETCore.App.deps.json.tmp	4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4a5dde45983f965382aa935270faa185f2031d199ea6f8db6be51816eacf4db1_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:1804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3776 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:4952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
55KB

MD5
ab900ce4a3221c33f80e5c79e06f943d

SHA1
95caa690d05de666a5ea5c57e5c723b23f522e8f

SHA256
4596189d49a7f9086555e8ccbdecd36db6b9236b889dc65cda1bc87b885b6777

SHA512
6d6c9988d048539eeff8f9d2d6f8fc6617b8db7d8a251d54fba44f3b4e4ba7dc130914ecf7f08ab742326fb2bab233dc2168296b48f30a9bd2a6c8db7e3c240c

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
55KB

MD5
565c6640186b216b8e58da82c7aec779

SHA1
fb58cd93db0c52ff462f2b053fc0fd881e0bae6a

SHA256
9bbb6153641b38c56575c6242e0d2a9f045f239233d77890cf6c4ff55f679835

SHA512
21e52d3af735876bb9a8a83651e9d33d778b0a51d0e3360b62c5861b111c7ef62e10ab6343478c949a3a058e8ca883e035822d9f9dab45a68af5ae6814b98db6

Download Submit
memory/1804-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1804-648-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads