Malware Analysis Report

2025-01-03 08:35

Sample ID 240611-a65fasxhqq
Target 219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe
SHA256 7a9b1d1f32defcaedebc906b27926cd53f1c227a7b3f99b56f6b89805f5cee38
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7a9b1d1f32defcaedebc906b27926cd53f1c227a7b3f99b56f6b89805f5cee38

Threat Level: Likely malicious

The file 219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5258) files with added filename extension

Renames multiple (3685) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:50

Reported

2024-06-11 00:52

Platform

win7-20231129-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe"

Signatures

Renames multiple (3685) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\omni.ja.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\New_York.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\CompressNew.pub.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\jnwppr.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\WebKit.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 b2fb56c2375cc77c958d49590e6895c5
SHA1 1c4d3314cfcb2ccb84f3325565c80edb74fba511
SHA256 234bde3f3f67daa3c9bca667d2c7aef7eaf5e5d251a9e7f96e2a3608bda40fd9
SHA512 c65db80339659ab74970ce9254a8e20e6ad4fd4aa32d94b2f977c431ab818200c47f998f1b519b02ee8ec2b43e6d0f7104fb13ebb41ec342a3369b853875f7fa

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1b36997c830835d73a9f51f36fb689a9
SHA1 a2f5be05bec01b7641761f9d35bcbf09eae10112
SHA256 aded57d012176817c76e1968ef2dd51afdfff32c5dbbbd7bac9712ea07eaca33
SHA512 d02dd0bc37f670bb4d318648826f527a52e9af6c89f700bb40dd9064d08685c97a3740efeba9ea674d4b4790e95557efcdcc20ce19000e5a2ad7895440cd6839

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:50

Reported

2024-06-11 00:52

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe"

Signatures

Renames multiple (5258) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\Office Word 2003 Look.dotx.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.AeroLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ca.pak.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\osfFPA\addins.xml.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL087.XML.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\WordCombinedFloatieModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.ProtectedData.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\219aac543e5b0893b2513e6ea48317b0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 ca03a703977b4a8b53d7b88dd1edbed9
SHA1 39c89da81eb9fd6d959c2c59f4094e800cfccdf5
SHA256 8e7d39f9207244ecb5466894af95381dabbf6d17ee8a21bdb6986b278df9bebb
SHA512 422c9e3513f4a85ec87221afe949a15fe9eb9ec1601d7d2b1c190bca543061aa40bd28fd722d14fd1b4ca82e0f78e6488894352da8871ae25255ea045aa3dcc0

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a28d8a9409b2198ae178e0cf91d83516
SHA1 d113c82ecb4679b53edc773789991a414551a81a
SHA256 1214c8757000b96667ffd3a6f72bf7aad90b1b7e26b2d08c52744665da433b5f
SHA512 a8f46974116e9bb347818628a68996a7b119758d19558b3d0b24beb3a86dcd2b755337fc83ef7227b7f4048a88c735542e8ba92f838a3745e0e763e1b9e5b0a7