2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7

Analysis

max time kernel
154s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 02:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
Size

38KB
MD5

76167253c70360aed2109dd3e84549c0
SHA1

9d6acbd5bdcf6ca59aafeaf4af7a94b6bab6159f
SHA256

2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7
SHA512

05abe9860b1ccfa94ecedeaf7b123f63ab16a95bb38a1173baccdfa8dda5d3ea73b4fb75244bf5cd2a93c5a9f96425f29dcd43cceffc629f5a13d1df61c09a27
SSDEEP

768:W7BlpppARFbhbt7Y7FoICOiJfoICOiJNl:W7ZppApWmU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1063) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebSockets.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.Extensions.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XPath.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.ZipFile.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.StackTrace.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.AccessControl.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationUI.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XmlSerializer.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Serialization.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\ReachFramework.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Calendars.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceProcess.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Xaml.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\BackupWait.xls.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\WindowsFormsIntegration.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\WindowsFormsIntegration.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.NameResolution.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.AccessControl.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Loader.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.WindowsDesktop.App.deps.json.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationUI.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Formats.Tar.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.Win32.Registry.AccessControl.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\UIAutomationClientSideProviders.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationUI.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationCore.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Windows.Forms.Design.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\.version.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Data.Common.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.FileVersionInfo.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
File created	C:\Program Files\ConvertSkip.tmp.tmp	2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2ec22e76cd6a9067c583e0b1b113cc49337fba2c53455f61810f88ab2b25c3b7_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
38KB

MD5
3e1fd0e60cdee449f4314142625d52c5

SHA1
9a188e6002d6390d4d2a2a237e8e6150c57a7dbe

SHA256
df27f120a042cd4d42c722a29abd8a9a8958864bf3da318a5155faea4e471412

SHA512
dcac08048aef8a374ad9942abbba53559071aa1e6b9f5202a14ad87c64fe815d3c4cc0db32d193a7e848826f7bf0919796783017ed5ac9cfcf8ba7e406149307

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
38KB

MD5
dfbde75850666336a38aa98408d1b232

SHA1
d55ac5c9fdd01c54cb8005e7ad7074ffa3200a8d

SHA256
20ec6441c0d1646a9df0da90dde9a66d393f98be98b31e0cf38a8739f3fc9106

SHA512
da45b3d6afe1768d034dc63a6a17e19d725cbafd94aaad62a255413d81fa262cc4f1e13156f472550e833875d5e1f36bcc65de31e5810f2e475ccf278f943597

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads