Malware Analysis Report

2025-01-03 08:32

Sample ID 240611-adpt5swgmq
Target 2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe
SHA256 d3bab3c59656f139de8430700d29bc64b1cd2ffd3addd7fa76d3a84743eb1835
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d3bab3c59656f139de8430700d29bc64b1cd2ffd3addd7fa76d3a84743eb1835

Threat Level: Likely malicious

The file 2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3611) files with added filename extension

Renames multiple (5163) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:05

Reported

2024-06-11 00:08

Platform

win7-20240220-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe"

Signatures

Renames multiple (3611) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\ResolveSync.tif.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\de-DE\NBMapTIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fi.txt.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 3c24a0c06c1d96d8955ca3ff3fc9bc24
SHA1 2eca06eb25bd7549c06dd0c32725311f22ff70ae
SHA256 58d3c5caeb59845223b6b0a2e0d094f002c3c2b1b5d9148eca02a33d4fdb9207
SHA512 5e34e567cc9108b8034af94fc58d114ae5c032af443ecc2c5eb1881941a5f980302d8bed526237c0b780bf5d7f477da26e2a3548b87232e0c09c7a4b678800ee

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 88467720472be8c5016d3f08a857a2dc
SHA1 201231dade282a4ff5d767ffe1631baf259eb62b
SHA256 4d38df6912e7a2dcdaeb63972aa820e026cf3ccdb9c68ea7ac11ce05e48eac82
SHA512 ae328003f0951cd43e056bdcf3571937afb34801086c62b313d8a9d24eb2e9c1751dabaab1b8feb1c61b8ca43b06073b7811e89d16890e1ed92899e0a309c5fc

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:05

Reported

2024-06-11 00:08

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe"

Signatures

Renames multiple (5163) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.IsolatedStorage.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.Design.Editors.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Immutable.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sawindbg.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OCSCLIENTWIN32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2021d29e64c53d9daca87df8ce71d9e0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

MD5 2d16cf1783b19a65ce4553d54df9c43e
SHA1 d3f834850ba9d1199876e322bad1f6f73342224b
SHA256 e75e7a93e85fe9ba5952142b9bbf3b83414a5ad6998b4e27b2d0913661cdedc8
SHA512 c3b686dd7e3bf8290d79d96d08c6d530fa2a2570ad19f9f69dc9b0f62db2185f3aa59cedd0f59be95cd6db6b9033a5ed92836f8a683d78efe8777f239d202335

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7c6d2e21e570aad38ff0a753f175b918
SHA1 3a5df7baac98aca66562fc32fa58fc86e902e5e1
SHA256 0fd4d66147cfd254aced8b9725bac4c9a032197db62e7e364dd9f4b33dd80d59
SHA512 3dc1e2d3dbf19229595de11b51ae4990d109c7af70e7fbad470533b86ffea7acf35cfec832b3475229565b4c0f01920c3bb0443ecc6573cbc98a7a1da3ddde7a