Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-n2aa9atdrd
Target 3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe
SHA256 db430c57d7285cf7f39b4246b47f385e565b5f94859bde11c2ab30ec31b1fcbf
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 db430c57d7285cf7f39b4246b47f385e565b5f94859bde11c2ab30ec31b1fcbf

Threat Level: Likely malicious

The file 3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5191) files with added filename extension

Renames multiple (3772) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 11:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 11:53
Reported 2024-06-12 11:55
Platform win7-20240221-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe"

Signatures

Renames multiple (3772) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 effb0cc9470ad220ef78ddfe3473727c
SHA1 a202a16cdcc765c14a4229ed2ead733942178283
SHA256 dd8a7413f4d92bed19e70b0b3b7f8c474ede8c9d1c1cd6a175aba17009c1c65f
SHA512 e2f1b6c7a6fa0e6b002cd431646ca4a29afd9be78295629fc7fa082c8ce31f42425d161fba72cbe5db49d7afc04f75d8682ceec53f86487297201ace04fcb991

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 00fa73fc2f3f3c6c9d8a7040f22b861e
SHA1 b8516903cc5aab892559062ae0aa8d60c4d46fb1
SHA256 0e143a0da612e82d36345003548f5dee006bc8b1e6d53765d5c3e5f67b6026d2
SHA512 3e9f55377050f8907222296e3450148786e65928a8b4695a7dd069e44d4df6cd4ee803a280222b20720265f03b0529341b3ba166fa9db453a566c9ea4bd3a274

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 11:53
Reported 2024-06-12 11:55
Platform win10v2004-20240611-en
Max time kernel 149s
Max time network 125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe"

Signatures

Renames multiple (5191) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3860af987b6af9ccc546516ad39313f0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 1482071453433bc1121a65883d47e8ec
SHA1 7fb0c329560092320d525287d72decb0895e2d96
SHA256 1fd0a05b3c985c707fefc45ef21982f05b45773037ca5cc9e5f1663ec02d301e
SHA512 3a339875a8c4ffecc0ce92001c97c30b01ad88edc458fd6b2f040f5b73f48124ff5a5faa42e65ab8a750f175187fe34a7266bfacc8bb5b514965b3aa8811e46c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9b6646422a5cb77d070e244e94abc4fd
SHA1 01451684165defd369bc01926c2f15ad7b44b1d8
SHA256 5d2b388bef0145dc655818b52220e5fc6856c4fda17d96e4332ce98810914596
SHA512 b599291beb5f6ef0a62d97b318e3da77c1fe9a1e53c5c5749b2e6a8d02f2a600e4a43ce88c915cbc580788d55eddb62dbba1187e6801a34434be88ba5f627b9c