Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-225daathrf
Target 1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe
SHA256 396e40f8c606daa31d2c18880f26c8e2d9b6232941f9fc2f5690929a7350f868
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

396e40f8c606daa31d2c18880f26c8e2d9b6232941f9fc2f5690929a7350f868

Threat Level: Likely malicious

The file 1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3787) files with added filename extension

Renames multiple (5243) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:05

Reported

2024-06-10 23:08

Platform

win7-20240419-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe"

Signatures

Renames multiple (3787) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 52191142cfe925ca68b662dc9f387ee3
SHA1 91e925258d8676aba3b0e474ad1cc5b9f404d375
SHA256 bd19f7d700693e6e47de251807c59d6df681ed61ae7b51a21fc283902d65022d
SHA512 f9b259e06599aef4c6aec87dbcc42167ed901579ab93197fe1a71b34f1b53ee0e5ca4c195b4c23de03c35214b95e0d79ccc5b05d2ef6008357d4a60417b10e50

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 779197b8048e7fecf36f7bd135de22aa
SHA1 f89a7a11998c4bc4e66b9fa953a6ea39277635cc
SHA256 4f8fcaf1f39bdfe68d45b85efd7f6f9d903fb2703d553f6335f5f4be25a08626
SHA512 085baef97c71707ff74a9e20736b9bd2d745c65615a2b57cde158f1eb3321b49858f6f5800d5055843be3d5f4538902f9c7054b2a145d7e9fa873c3c68ec0f65

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:05

Reported

2024-06-10 23:08

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe"

Signatures

Renames multiple (5243) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1e92ca64438e03f9759ca3485af4b3b0_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini.tmp

MD5 9694ca02edcf220eef5089c4b8a11b07
SHA1 1aa087379b372b8a1159fd9b460368826d538c81
SHA256 58dd690349e2382397e8ff4cc4490da07264995479c4850bafa4564722a64b37
SHA512 b78059ef602b7ab2ee0344b5d1d2ba5f6428b17f06eb44ba176cd0c562b0d3a3d862a19407e97b3cdbf90225103b53d11ecca34932c76e3d97238c2b2bc74a78

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7ed3451ed8f5ebe84e5b96194e8faa8a
SHA1 2b836220afabc897da52e8a5f78c50e181e46321
SHA256 c680ab0c84d1c72b6a4f37000fa15368a5b63253df2022c57716aded9da12877
SHA512 00827381405482debcaf0950259e4a48a9cce54cd9ed28dd4d7998247ed340c0866048aed4801ea43bf7be94d420336a6bfdcc9476637c43b39e5ee8adbc67ad