Malware Analysis Report

2025-01-03 08:31

Sample ID 240610-3nmfzswbrm
Target 1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe
SHA256 d69794895e7d982b09b09ce4a03d3927930a6f690a3e55d5d1d65193cd379f1f
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d69794895e7d982b09b09ce4a03d3927930a6f690a3e55d5d1d65193cd379f1f

Threat Level: Likely malicious

The file 1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (2767) files with added filename extension

Renames multiple (1004) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 23:39

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 23:39

Reported

2024-06-10 23:42

Platform

win7-20240220-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe"

Signatures

Renames multiple (2767) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\pdm.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\si.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Cancun.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jpeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 16d2af816fbc8f8360c62af1678845b5
SHA1 4ef51724a86b3147d1a6cadc235dc4691f763628
SHA256 96e775bfaf872bf7f21eaa3def0b05e6c41d2b48e91850b744a68af16d66905f
SHA512 efd700bf26df6e6e57a139977b3fe8b89e633285f84224577d1d2a5ebe3af6ec3801aa268703e7f45e64cd32c17431d3a3633d35ae993489ae8e34361aeca1c0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e3aeccfb3145b48348976e7f3a314305
SHA1 8b3896571a06234e663f4edacf132df06dfd73cb
SHA256 aea13bd383f99875d38b621ea5277fbeab0cad89d67cfe10d03822e571f960aa
SHA512 49bc47d0b679dee9d5342133f91ebbb9b22df1f4fdd1884700ae83ce1e06127116251ade28da15b917e5d547f2b818708db4a82c319f4052fdcfa2d00d906a7f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 23:39

Reported

2024-06-10 23:42

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe"

Signatures

Renames multiple (1004) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.DriveInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ar.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordaccore.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\id.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Formats.Asn1.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\az.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Claims.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7-zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\pt.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.DispatchProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Design.Editors.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fur.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hr.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Transactions.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ka.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\tt.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Linq.Queryable.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.MemoryMappedFiles.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.DiagnosticSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Formats.Tar.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7zG.exe.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ky.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sv.txt.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.CodeDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1f70216fc25d3c8a4f24c0f4378e0790_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1328 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 142.250.200.42:443 tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 a7857d592288e17079d3b0a59519a5c4
SHA1 11438536ee297e50c9ecaabe42bec7981025decd
SHA256 4258ac8b232b57c2f3bb930c1cf609fef05c502c7179b97dfb252477953aa675
SHA512 2eafb58f7b536aa4e5f9dc9eebda82b0f6a6d71d9c56f0a50fa30f5bcf3d65b6a550300f9bbfa2243997b6a7d5cc783e395def392ea7916e3683e991826848f4

C:\libsmartscreen.dll.tmp

MD5 79eee3dfd8993f939216ca040b37955c
SHA1 9c7a13a543b10cbcdf8130efe221f1d2e3f6b000
SHA256 b825a1d163b12c1f8a9b73429afde1fc215825d73fbdab4b4a139625e882e900
SHA512 c184210866d9aa396e1d02e9ba448b393e072621732f47b6615ba47795e6511ef32f238a4ab33354b177540e9d05aecfceca86869a2fa6d0d3f2a93d18c9a22a