290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3

Analysis

max time kernel
157s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/06/2024, 00:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
Size

47KB
MD5

af7f37025a6c6b95517252379595d590
SHA1

cd1e068f69cc49194ec22ca872eef6d0eacee219
SHA256

290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3
SHA512

447bf637706386af8e71bcdceedd7c25f6667f5a39b8235e824e7f75c2ffff6d87a40da5cc00091f65e50ea563eddb5876f8ad14cb52f205b27f8d0565c6f9e8
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrxAa2a//yfIf6:W7BlpppARFbhWJmAa2aCQS

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (550) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.DataContractSerialization.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorrc.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Http.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Concurrent.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Parallel.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Registry.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.Primitives.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Ping.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.SecureString.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-process-l1-1-0.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordbi.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordaccore.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.Watcher.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordaccore.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\290a3d7c120efaaf4530bb094dec7ec03a20de3814e97e1ee64e531cd09288b3_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4164 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:3568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
47KB

MD5
b3e44532ddf83fa0531fc94f82de3beb

SHA1
06f8198886055a8a4b2f9b1b9347aaf0416d3394

SHA256
69dffe3ee1dcde8134fe72244e53f03c70bfcd001589614e544a2129d3a36463

SHA512
6143c8224db300b200f9c28f6d053254399e0e2f8ac00073fd0bde0fcba4142656ec51ba463f5cffb4a1d1d0db865ebd5dedd2b5504ba75d4629df623812cafe

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
47KB

MD5
c82469e3a68933605c7a460e5918f50c

SHA1
8ef6186fa40f538b45a40e6fd0b5a3b4e14cd9e9

SHA256
862ef72f285d3c5806a83dbc6bc49cd5fc9ce16e40f9c76be80e6bff4a193704

SHA512
ecfd3cfe70118c074f5cec882c4c361b187527acfd8dd6912ec2db14df679bd15e665f81a2a0a8f4b505a1b19673f0d22cb3fdb42dd9743995800159a91a516f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads