Malware Analysis Report

2025-01-17 23:21

Sample ID: 240603-ql7mxshb79
Target: a4cc5983f79b835d39feb76e854d9d00_NeikiAnalytics.exe
SHA256: cfbad772c6ddb5066794fe6c9c843fea8f347e3526c8fcad76f5e29d7f25f21c
Tags: ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: cfbad772c6ddb5066794fe6c9c843fea8f347e3526c8fcad76f5e29d7f25f21c

Threat Level: Likely malicious

The file a4cc5983f79b835d39feb76e854d9d00_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3442) files with added filename extension

Renames multiple (4735) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-03 13:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 13:22
Reported: 2024-06-03 13:24
Platform: win7-20240215-en
Max time kernel: 150s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4cc5983f79b835d39feb76e854d9d00_NeikiAnalytics.exe"

Signatures

Renames multiple (3442) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a4cc5983f79b835d39feb76e854d9d00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a4cc5983f79b835d39feb76e854d9d00_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 7f83d19649affa2062474a730b65a1b6
SHA1 f538e68689ac54523ae5af67b2dda99e8df1631d
SHA256 7657fbe1756c587c491d186ba286d655db4003720997c733d345bb16f46251d6
SHA512 2bf577cba3acdf4d27dc3f438b87de0f1f392bd95c44810684cc7108bd30dd78a8522cc7181e786a7b385cef50be1e6fe3b67696f1cd4362d1c56a73ecdca063

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ae48cc294b467e86048025276b7a100a
SHA1 3dc9f201ce4dd502c17abd7c3f99bcff985dfc90
SHA256 5d7eb5b8dda7d21dec8cd18dc060f171086d9c89fd3cdb93b056e2d223776733
SHA512 2399ab1d9534edb6e3392624080acb77681e33e95fe90845f3237b0bb7e81f981bb54d192da709267ace5ce258e7e2a305b363a60cf9765f85dd9781b20d197c

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 13:22
Reported: 2024-06-03 13:24
Platform: win10v2004-20240426-en
Max time kernel: 150s
Max time network: 96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4cc5983f79b835d39feb76e854d9d00_NeikiAnalytics.exe"

Signatures

Renames multiple (4735) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a4cc5983f79b835d39feb76e854d9d00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a4cc5983f79b835d39feb76e854d9d00_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 192.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 c61dbcd5e89b804d25dd9ed4db128db5
SHA1 0d5e8eb7d91f2723e35251d743bdd2b8f313e139
SHA256 5f649188a3b35ad7cec9524043c88140839a00ff908bd2daaec66561ddbe3801
SHA512 cf5002b18e1e2e1f6b904c8754192672c1b47bd4073cdedd338acefddd650941c4d002faddcbca1b1692611b383bc2956861935526608fdadeec839537b23d11

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c72d46d2d0b8638af727fd26f971b678
SHA1 3cce081325094e5aac4a1e7ed0ddabd29cd083db
SHA256 06d890eef034dc545a2457a63aa32f765497df3ad238f15827ee43b95b814b49
SHA512 cf2c80987248deb3d7a76836cf0a767e76874987fcb094a08d8ccc13d52c2cfb895b873736d00fb57f64868ad1291abe91974e49650b10188c172aa99a32bc30