Malware Analysis Report

2025-01-03 08:37

Sample ID 240611-cglb8s1apm
Target 2377d5e477a51482944d5d3f7ef03950_NeikiAnalytics.exe
SHA256 07f2ff5de3dfa809a0c19dc61ecc221a07ed4ad89a1d58fa9e62273f7ce5fc4e
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

07f2ff5de3dfa809a0c19dc61ecc221a07ed4ad89a1d58fa9e62273f7ce5fc4e

Threat Level: Likely malicious

The file 2377d5e477a51482944d5d3f7ef03950_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3463) files with added filename extension

Renames multiple (5100) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:02

Reported

2024-06-11 02:05

Platform

win7-20240221-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2377d5e477a51482944d5d3f7ef03950_NeikiAnalytics.exe"

Signatures

Renames multiple (3463) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\2377d5e477a51482944d5d3f7ef03950_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2377d5e477a51482944d5d3f7ef03950_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:02

Reported

2024-06-11 02:05

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2377d5e477a51482944d5d3f7ef03950_NeikiAnalytics.exe"

Signatures

Renames multiple (5100) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\2377d5e477a51482944d5d3f7ef03950_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2377d5e477a51482944d5d3f7ef03950_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

C:\Program Files\7-Zip\7-zip.dll.tmp
