23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0

Analysis

max time kernel
157s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
Size

52KB
MD5

56e677cbadd6cb28fe945d0b7740df20
SHA1

349b466d95a28e485869621387d50c937c757584
SHA256

23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0
SHA512

6298c41057c74380dbc0ff1a4a6b8f71bc67c91dfbc8729550076934b0b89c89c87dd540349ad6335e53a4ccea2c794a33364173f3071085dcc95e44f8629da4
SSDEEP

384:yBs7Br5xjL8AgA71Fbhvhwfziz63rmrLsArA5SJOhArA5SJOZ:/7BlpQpARFbhWGUKvrA5SJfrA5SJo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (629) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.Client.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Primitives.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Parallel.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.CSharp.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.SecureString.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.ResourceManager.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Claims.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.Extensions.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.DispatchProxy.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.NetworkInformation.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Quic.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\WindowsBase.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Timer.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Reader.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.DiaSymReader.Native.amd64.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordbi.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-1-0.dll.tmp	23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\23e7bc1a17b79c14f54443a84a7331be7db8c44eff62dc5a8cee8cf5a927e1d0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
52KB

MD5
4ea3f0c77888ea5c6778327513104143

SHA1
c7c7e15ee865b9130c4172bf623fce86119897ed

SHA256
492b0630d54888bd16552972ab85adfc2517d0ace1a03e21cb714e455e301938

SHA512
065bbb512b241d290f88d8a7aa235dc39233ed005e3028ba66e178b67fc1c0d06a165ac108d055da7baade4424732fb790fe696449ecac460ed7446f021df233

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
52KB

MD5
b1d67b829e814066c1e7a67bf5f241f5

SHA1
19e81694d0aff0a80823ef5bdad94174b47b959d

SHA256
f1c3e1c89cab1f3798a0cbfff52b568723c4aebdac17be564cce1e318e492a9b

SHA512
e3ff5a840d802652616656a5f8be94fc9baeb2893fb0e608351acd622ab2fb242b457e139770219a4d43b77cb964e2f6cc918c5f23d9a6334789f6aa2ad94a09

Download Submit
memory/5016-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5016-304-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads