4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a

Analysis

max time kernel
154s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
Size

51KB
MD5

8bb2533b49efa47fb74f4fbfa3e41630
SHA1

5d9f4c648f441aeff071734bccf5867f6f157bd0
SHA256

4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a
SHA512

54e987edfe16e81ae9076b1e8544d036dd11f8cf9d547da350fceda65a656c8aa4dd13166f2a4016fb84ee5697f1e99fb787662c207e8dd8e89d276e27313a68
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFdGTDEXBwzEXBwO:W7ZNLpApCZuvIYXGT+

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1218) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Controls.Ribbon.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Controls.Ribbon.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationFramework.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Requests.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.Extensions.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.ZipFile.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.WindowsDesktop.App.deps.json.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Forms.Design.Editors.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Reader.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Forms.Design.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\DisablePublish.htm.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\hostpolicy.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.VisualBasic.Core.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Console.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsBase.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\ReachFramework.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Forms.Primitives.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Xaml.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\CompressSplit.sql.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationTypes.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\UIAutomationClient.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.ResourceManager.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.DiagnosticSource.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Tracing.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Drawing.Design.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-datetime-l1-1-0.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Input.Manipulations.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\PresentationUI.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\WindowsBase.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Primitives.resources.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.DataContractSerialization.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-conio-l1-1-0.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.AppContext.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ServiceProcess.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Aero.dll.tmp	4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4198938c4a7b790808d22b216eaca0576ab4567704b354d7cf63e060f07cd08a_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3944 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:4944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
51KB

MD5
b0f804df0c6e80f6fbb76dcb85ae8d93

SHA1
e64c11b21219166c664c6b405fba3f45fe0e1d9e

SHA256
981eead3ca6843f175137e30bcbd6bee8b63ad534ac37b82194a7c02eed68ca2

SHA512
d043fd91186105b741a525bd5fda4b23058d577338ae9b46b4751ab25189e63ae35247339f77dafde86e9aae6ab39dac13dda55e1be71f8db9e64fd7b90fbe1a

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
51KB

MD5
ec9fa50283349b47cf079e458eea0e54

SHA1
632170c1fc73782c5959d29146f121b4c02293dd

SHA256
1a359b19412b1ad4a5150da54c100d3407140dea03c8210cc6bddd37f2021de1

SHA512
0d34c1b1df35b508317d26f707f3eaf7f7c4b118938054ca1821527a1c08ca516657d989ca4b2344bc9f4681f3bcaa907e0416053b97814e3868a9ad70db9ed4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads