Malware Analysis Report

2025-01-17 21:08

Sample ID 240603-n76xeadg51
Target a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe
SHA256 a97140f20071a9ba268b8c445424f14e97f5533a811fa2104db6e748ea5e329d
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

a97140f20071a9ba268b8c445424f14e97f5533a811fa2104db6e748ea5e329d

Threat Level: Likely malicious

The file a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3423) files with added filename extension

Renames multiple (4832) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:03

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:03

Reported

2024-06-03 12:05

Platform

win7-20240221-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe"

Signatures

Renames multiple (3423) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsink.ax.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe"

Network

N/A

Files

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 be11edb61c956963fa643cf09dafd412
SHA1 71b08463585f94c30d7897f99bc4fb503a0e4c7f
SHA256 98ff6e3f138be7b4148932c4c2112df1daa5817d02e259df99919b599ff422fd
SHA512 ccbf489bdb979ff011c2dfaa1695a9ee115c59e65a6a738e6c9be0be7032c31f1b01dfbe3a97948d87b0d50936edb14c9ef0f2513e45032553dca6803aa60230

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 83ce38dd819df39b82762aa750bb84f2
SHA1 c0f3e165c9fff1a8da7e51b1ab6a2a09179b69ae
SHA256 735e01f290d82407d59c7b6dac000833645f345806ebf419f381d6277ed0b847
SHA512 0985f73a5402e9bb66e720697339c09f4e77c622142080ede438ed35006f274e3efab7224b99701e088272bc7391d5370c3092730e53913a47e014d373554c94

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:03

Reported

2024-06-03 12:05

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe"

Signatures

Renames multiple (4832) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\ielowutil.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\af.txt.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Integral.thmx.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ga.txt.tmp C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2bbb491635c8db0e30ad050e4c87a30_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

MD5 6e35c3dd272deef4da549f8b163e37ea
SHA1 a46d3ce22988d64b5a00e16866448c11c1294880
SHA256 c2c59d6d4e3ce69d7465414b14a7f1b7341a1015a6a1a7fb883bbd1973a139c9
SHA512 8589c2c1a29b8fc6428ef25c1b60ea10d8bf09825a48818398445cd60702403775079e93af93a8e012a688def28d4c42f1fa87517ed7c2e3ff337fd387a9fd0f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 34f488e43997184fc7ba1210de270506
SHA1 1dcf26fb5829549b50075f39ba5fa233fd493a89
SHA256 944bc4348c146a6f9ba27c55cf3f2c8f4eb5c0665249b339c27173e0d0c06740
SHA512 01e05b911cab034ac47692a88984e80453e3c3ba4821b1cf57ead47b3699428a4a0131c6f6325495e58a9e2626a15702239cf471c9c74851bfbc6947ae2240f9