Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-n9hmlaxglm
Target 394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe
SHA256 cf81fca239fbccfcac1cb95d68db3e8cb45ffaf627b0c00db702955a16fea02d
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

cf81fca239fbccfcac1cb95d68db3e8cb45ffaf627b0c00db702955a16fea02d

Threat Level: Likely malicious

The file 394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3612) files with added filename extension

Renames multiple (1344) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 12:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 12:05

Reported

2024-06-12 12:08

Platform

win7-20240220-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe"

Signatures

Renames multiple (3612) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\shvlzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sa.txt.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\MpClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\localizedStrings.js.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 f35cf0aa46320cbb224adf11e2a75776
SHA1 28ac0508dff250182466848ac0232edce24307c4
SHA256 66deeb2936f2f365fe542dd9659c5faca669f4a5366e997655850283858cf367
SHA512 6182c59c833ad73c4dcb0ac76cdd581378d5d5d50cfc41fe30a471739cf8c30df46b6d2c38925ab1af8d0aace68a0a343e9bf725df8e79a07a1bf0ce8159f06d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b678033e000a22488108c08ad788dc38
SHA1 ff1b115e47917bb3866205e897eeaedf6b8ed560
SHA256 5b6f513a6ea868412e64cbb1e8ac6b95ed281530ff1fdd00396744ac2b74f472
SHA512 c560c385d8b1c818b697b475a3d4cc96d69d49fe402a7e79dd095315ca424ce582e254eaa7f9c9e2e412520ad19840e67c1dedaca41273150fc06171c85e2613

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 12:05

Reported

2024-06-12 12:08

Platform

win10v2004-20240226-en

Max time kernel

152s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe"

Signatures

Renames multiple (1344) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\CompleteRestore.jfif.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clrgc.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Memory.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Tracing.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msador28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mn.txt.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordbi.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.AeroLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.NETCore.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Algorithms.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.TraceSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\eo.txt.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sv.txt.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Dataflow.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\394bcf9d882a3033a05c141918bf6b30_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
GB 142.250.187.202:443 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 108.116.69.13.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 f224df7405b8bf53f7a75a5851337658
SHA1 ac46708520c1bf8e8bba344c04c60c3228ffe5dc
SHA256 f7c49945f74a05eeb8a5646d502817c47093fe88aee6e4947e1f6b34018f2bc6
SHA512 fab29a6052102cc62ba488cce4566bb6fc254bac24cccf4a9918a9ac1fdcd5fcd6d027ebce0d0836eac23c3bbf72a90f246d42b00536d574f73c2a4abaab8b74

C:\libsmartscreen.dll.tmp

MD5 1bd4a7793091bf01905058ba2f19eafd
SHA1 983b8fdafc12f6ca9f7b0bbf9be5deb70ceaaff5
SHA256 fdad95589b5ca52a65f439d4b0bfc91fde86e858c451eb313363af62f526198b
SHA512 d38f3916b994d82fdaec02b631f9776a837e4284921d1cff55959556486488c1721c91249db018a6b75ea475b7982d39dfe6e55f7f875e7ef0c414d21949b21c