Malware Analysis Report

2024-10-18 21:40

Sample ID: 240612-nx4djatcpc
Target: 37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe
SHA256: 243d02490daa02f0746a2b6f2e0f4b95019b0a303ffa69a390644732524aab75
Tags: ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3752) files with added filename extension

Renames multiple (5072) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-12 11:47

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 11:47
Reported: 2024-06-12 11:50
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe"

Signatures

Renames multiple (3752) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 fb3c38344e811742395bde21f2fe7083
SHA1 d7707dbfd559b132d6991f15fb9ff5b6a4f9f474
SHA256 9ec198ebd91c6279840c6ff4e368ba030c4c4301b621cfb8e12f73ba09309816
SHA512 6268d6875b899fc24c3b6ce10b0f294fa75f41c96a06ab074bd3e53d03ed4557027810922d3c31dc8c14c065fd7ad64eca71e5b0458ebf2aa5741f94901012c5

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 48061ef11d79d25eb9509b62406ce950
SHA1 c97de0d56ac67dc6be4b05ab60fcc0c4d338904d
SHA256 3a0c03225397bc8b746d5805205014bf0a3e592ce02f63d064576ae848e6e13e
SHA512 7ffa7712ef366f2c4e2fd6705075a35dc468332b3222d5f92b04a81edb52733650e5e9b1b46f1e0d7b3ef92634982a1a05b80113ec5f3c439ba51f6cf0e075a9

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-12 11:47
Reported: 2024-06-12 11:50
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe"

Signatures

Renames multiple (5072) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\37d9fed2e1cca9ec35d35d8eeb26cc40_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 131.253.33.237:443 g.bing.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.33.253.131.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 43c5e603b67e83fcc76cc649d1f5f9b5
SHA1 c33af2af741f19806b58bf4b2f45bcbf03a3fc48
SHA256 45a93cdad7cee11aa7067333133f49f434729294f5f6c4857ec08cef97f63a78
SHA512 8e42f906a1d5402d510891b1142892b19dc0b3676f638736334fc51f02f4fc40debd0d72b06a3c327d4e0efac854e48f9662a0a0448f8f9f1f10850fc2bb91cd

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 eb3ae1a14d9497f34c67d364b096753c
SHA1 b440e40a7f014ace74bc274555439dd3408ec7af
SHA256 0d3bb60bc36cb800e295ad0b76849514a3065276ef4a0cb2a23ad0a1d22ca77c
SHA512 dfec03500e0e6a417179f391196a296180adc023db1bca174f4dda2896a5252f369536d05734d575de6b42be4eb8ac2b88dcf4e13ebe3e279bbe9e0c3e0304a0