Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-qwzp3azhjn
Target 3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe
SHA256 51b4f7913eaea29ed20a8417033299fbb48ea3fd82303f1b08feb2d0633c7bed
Tags ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5187) files with added filename extension

Renames multiple (3867) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 13:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 13:37
Reported 2024-06-12 13:39
Platform win7-20240508-en
Max time kernel 150s
Max time network 125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe"

Signatures

Renames multiple (3867) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2192-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

memory/2192-650-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 13:37
Reported 2024-06-12 13:39
Platform win10v2004-20240508-en
Max time kernel 149s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe"

Signatures

Renames multiple (5187) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3eb0e8e9b1ad24ccb8f9b348febaffb0_NeikiAnalytics.exe"

Network

Files

memory/4412-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

C:\Program Files\7-Zip\7-zip.dll.tmp
