b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
Size

85KB
MD5

526d083d53f39a2c309ba226a22955a0
SHA1

2bd79f6e40e0410a5fe7277394fb65a16de43374
SHA256

b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862
SHA512

59f042c3d1ee5e21341fb748d3c8d70172a17ec609324b3349c2cd9445188199faba0fb00c4bfe34d739de5c4913f14a46f5a3b6f8c741667bb8040642b53ac6
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t5m0m69YUpCUppXxXTXxXP:6e7WpP9oVLQthbYY9oVLQthbUrt7t5mq

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1151) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationFramework.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Input.Manipulations.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationProvider.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XPath.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\WindowsBase.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\WindowsBase.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Input.Manipulations.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\System.Windows.Forms.Primitives.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\LICENSE.txt.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.ZipFile.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Watcher.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Metadata.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.MemoryMappedFiles.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\WindowsFormsIntegration.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Memory.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\vcruntime140_cor3.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-utility-l1-1-0.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.Primitives.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.EventLog.Messages.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\UIAutomationTypes.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Controls.Ribbon.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Windows.Forms.Primitives.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Primitives.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Quic.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\UIAutomationClientSideProviders.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationCore.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.DriveInfo.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.AccessControl.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.Design.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\ReachFramework.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\.version.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Input.Manipulations.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Ping.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Overlapped.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.resources.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TraceSource.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\coreclr.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PenImc_cor3.dll.tmp	b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b9b50d8e55bfaa3b9df1ac51831f9f68ead67ef09ea0127912403e4e13f6b862_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2996 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:2188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
85KB

MD5
ef2a7160520d10306bfa09dcf228444f

SHA1
cf1dbf954b9f9437385eab93c9ffc7d21eca77f7

SHA256
878c00a5872883478262e45d540049e92e7eb3a3c4900af7c5d85471be4599e6

SHA512
2bf99c958acf459c05387025602e3e74ee4ec66d74f3c299a6c6b4034d10ef1bbf4b8cde26fcb6de1f95beb77c39c08d28662d5f30a0dd713a2bae31c94ce8ca

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
85KB

MD5
bfe816d7122447c7b6e1e6d00e6025aa

SHA1
32fbf11b089f14595cae393aa829fa515514fc7f

SHA256
44d4b1c473679bdda7ba88769352b01f6678d9c9cf2f417a0fa5935ce7eeb6d3

SHA512
3b76edaccf9673a59b9312688c01771ccabd315a11e612736e0a8e7171e0ea3b76a36c2d4f2baaffefaed143ece0c2538a6a296724c7cf40f28bcf944b0736aa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads