Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-q37dgsxckf
Target 3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe
SHA256 588d70e082058cfcb79b1ec14c868af9096d2d3d82baa215e328559f4b9b227a
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 588d70e082058cfcb79b1ec14c868af9096d2d3d82baa215e328559f4b9b227a

Threat Level: Likely malicious

The file 3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4071) files with added filename extension

Renames multiple (1601) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 13:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 13:48
Reported 2024-06-12 13:50
Platform win7-20240221-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe"

Signatures

Renames multiple (4071) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 41258d921727a2de779050df3144d3b5
SHA1 a34bf1976b1517ddffbe1d0c2d57b9c772fe08f0
SHA256 a32f82a1046c0970de6efcc1c83ef847e5caaf75fa6e330d088bce066e6b5caf
SHA512 477f38d6bc340f71c1bb57a92de2ae0e72552f68b144ca033ed8e62611ef0f367795c1315709bd4708d4b87b7891a3541a5400ed30ea204098a0ff60f8091319

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f3bf95a6d9ed5ca11b1a9731d6492f09
SHA1 e3e579ea2293206ab3ce32a3cf0bb7075e42cc8d
SHA256 79f6c638262aa776046ed043e37a6d978215846a158df143d692167ae5c50fe8
SHA512 bdd858ee29818c41dbcbc05f640ae59431e688db94225b46c72eb66544b6ddd9f68278da43f3bf7e81549f912281d2d9db6ce6972feee8ea66f0e1e5cc44fb7b

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 13:48
Reported 2024-06-12 13:50
Platform win10v2004-20240226-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe"

Signatures

Renames multiple (1601) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3f5a70b03c7345a7f3650433d0e0fe10_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 13.107.253.64:443 tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 8af82d1df1844444ada778fcddfea20a
SHA1 0adf0ca1755a53dc4b4658cc28c2ba03e54fb0d3
SHA256 f4e94f3e624875d83c221629bbdcb69f615223dc802eb585ccdc4d51b0abe5c0
SHA512 09efdfbc09911080935be0d7932a904dd8f9bd346d5015a0bfb6c7274093e7259f0673b3ca87ee59286d54b4f284a7cf332f3ad52c8cbd82bcaf27f310e941e4

C:\libsmartscreen.dll.tmp

MD5 4fabf610ef883860b5839a5a4b3317e2
SHA1 e24d4931d319441ddbc9390fd7d9f1b1cbf78a82
SHA256 4e6dc8f95d27903bb7ad3f53fb88f9ca3a98025179dc5c31408ad957363d5fcd
SHA512 f7ea89806cb7f0c03d0194dada2e806ba9eb0e20e117d74b5748a00ecd05a69e1d7e334429ce949f3bcc0f734968fb54d71231ca347cc8855b9d5612cdb32cc8