Malware Analysis Report

2025-01-18 00:08

Sample ID 240603-taaqlabd5v
Target 7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe
SHA256 ff037a66b33ed81985dda1c4e5c830735ad9bad2eedaa117c17be3baa201a450
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

ff037a66b33ed81985dda1c4e5c830735ad9bad2eedaa117c17be3baa201a450

Threat Level: Likely malicious

The file 7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (1012) files with added filename extension

Renames multiple (5126) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 15:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 15:50

Reported

2024-06-03 15:53

Platform

win7-20240221-en

Max time kernel

150s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe"

Signatures

Renames multiple (1012) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\mr.txt.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\OmdProject.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\nl.txt.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ext.txt.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ast.txt.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 80e5c27b5681068c0e747467e09d7bdb
SHA1 2576873ed1cc87d64181792ea3e828ba7a7d22b5
SHA256 b2e0f52486dde59ee9e595310fa5d3aa73de927a07e05fa958db6a3b2c7298fb
SHA512 6cccb48055de5842d69bf0bcc24c3bfd4315af0c5a273582fe534189ceb7d499f93220f0bc49056b7267d7873a9d2bb7e41790a2b64089e3d77364e2ac5d832e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a18b651252aed46ccac20e37a9ceacf5
SHA1 ff15f1f5ae77bc940c276e17df94d999dcabf161
SHA256 a1dea9e7fc2a36e3bdf638fcf6fa8e43fc65e6ea766a088e2ff778433dc557f1
SHA512 0d677a97a20000e106fd271a039ac58edebc4e9e0850d8a9fab61631a14405264e433bd953400ce8cf3efb182444403ab8d6f4fd5c6f8179854ffdf410210179

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 15:50

Reported

2024-06-03 15:53

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe"

Signatures

Renames multiple (5126) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ja.txt.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ru.pak.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Dataflow.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome.exe.sig.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymxl.ttf.tmp C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\7b532ed5e8091dd92315c4743f4eae20_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

MD5 9175aad930ba3b924ccdd641619a60dd
SHA1 f0db70a2f711c4b5036153e576a72daf4890403c
SHA256 1c5b6a0a173c2c255dda9f9864c9b7d8693dad2374fdc9de7efb4c8060ce1324
SHA512 8be96694496ecfc1884b62342f796e90e9f42b895f1e26ab1f6b69eca92941a0c9592d550ae4d6a720da240c05cb42c2be0e83bff264691d2d6141f6dafe453f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 86aecd7303b9a2aba147fe0ca31c0b30
SHA1 454b78c71b63a229eeaeb76f2129b1b847ce88fa
SHA256 e686371582efb32e2d3615733a68094e064e6c53f3f1dc5231e098e94a8e7254
SHA512 3f9aec3145e0b0c66d9e615b17ad66d8fa449743a8b42643807c544208ece821666afcad5046928e49df6b58ff0e2239c845bc917ec02b2d87d50179639daaab