Malware Analysis Report

2025-01-03 08:32

Sample ID 240610-26f69avard
Target 1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe
SHA256 cfd8c460a546ecdf1ce6c14c34148867a4d8af18a064bf895b98e736df2a4437
Tags
ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

cfd8c460a546ecdf1ce6c14c34148867a4d8af18a064bf895b98e736df2a4437

Threat Level: Likely malicious

The file 1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3851) files with added filename extension

Renames multiple (5190) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:11

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:11

Reported

2024-06-10 23:13

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe"

Signatures

Renames multiple (3851) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:11

Reported

2024-06-10 23:14

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe"

Signatures

Renames multiple (5190) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1ebce9dc59ee8ae2d7b95f1621933320_NeikiAnalytics.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-4018855536-2201274732-320770143-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp
