Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-nwbl5atbqf
Target 37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe
SHA256 2a56914777cafc5db8a84ece39939e0cb01ac6147083e7046bd2c84effc51cdf
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 2a56914777cafc5db8a84ece39939e0cb01ac6147083e7046bd2c84effc51cdf

Threat Level: Likely malicious

The file 37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3473) files with added filename extension

Renames multiple (5050) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 11:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 11:44
Reported 2024-06-12 11:46
Platform win7-20240611-en
Max time kernel 150s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe"

Signatures

Renames multiple (3473) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 a597c01f1827ad590d56c7ce51555457
SHA1 a684f13c0b79b381fcbce0f998f4e1672d4310a6
SHA256 a92529cf0467e14bd25a762fe98f97fd646fdc7751de7e0faf856b794b443c04
SHA512 4767ca1bd19b86ab66a54bfe272bc08f87e75ceea932fd46ff70b346bed663f51c1c61c6931dc2a00b1ab004d88f070d09756449745d92a401f0893a273ed9b9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 bc3e4f89d9d0186642a821877d7e2ce6
SHA1 33fa1516821905bcaa15d2c20a5002451673edd1
SHA256 19f85b91fa25e4faf6f6d8c15e379b5fcd01e9cdfd016de1b2179d8724facc37
SHA512 2b83c859ad172f381e8437c14a8ed0507628c547ffda1f16e3581591e1989312a3f720e0bc2229e11319980e7d435eb5e204d9b4faec34e12573a4201adb5a45

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 11:44
Reported 2024-06-12 11:46
Platform win10v2004-20240611-en
Max time kernel 150s
Max time network 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe"

Signatures

Renames multiple (5050) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\37b65fd8da174505fe39a409a9760e80_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 646ca042619bc3e3ceb54b704f775d31
SHA1 c32f9bad6432f71e83b791ae29fc0c140d79b81e
SHA256 39bf42e7912ae1280f81e1c5fbe2a23a0d87cf225cd876dbab12d52b9d8d96eb
SHA512 c98a07d262f8ff79474b42af25e53f6535d2d4155a498cf49f6db47fdd7c0f9dc499a1b8e77c33107ebc4325ab13d19e9e97889a63b0bbc5d9285540495633c5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a518e9cba0406df944c5cf5c33818718
SHA1 ff6e9a66be61cde0bdaef095d7d0ec48559dd233
SHA256 2de91d7fba0c8a1500612f2c7967d119aa67a38fd494b3f63bc957a983a9652a
SHA512 8986a15c7085f7b09315269843df1d7cd57efadd0e29de7862e34c5fe7ccb505c3163a685a5396cde7d678c296ff1663b8b49a6bbda7395b3fb4fa5010d57294