Malware Analysis Report

2024-09-23 05:07

Sample ID 240613-bja4lsycrf
Target 52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe
SHA256 5817afa1e63a6c1a349fbb716af9f46906eec2186e15ec65e5816f7094f4aa3a
Tags: ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 5817afa1e63a6c1a349fbb716af9f46906eec2186e15ec65e5816f7094f4aa3a

Threat Level: Likely malicious

The file 52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5183) files with added filename extension

Renames multiple (3423) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 01:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 01:09
Reported: 2024-06-13 01:12
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe"

Signatures

Renames multiple (3423) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 fe08ec010595fa0dd20acf73f3b13cb1
SHA1 06926fd7838d5066a7ff9e73d618c7dcaf0e233d
SHA256 753cf08eff67332ce02a524ae7eaf0c9c18c8be4633d04373cc86c0bf6ec6b62
SHA512 8979fcaec957cd19dece34c1d6ccbca29255f28f6cdd260cc4806c364593e510daf2a8c57ef51a0408e0497e382c56e9872f73a495e269bd3713d54a1a8348ba

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 517eb1e69f9db43e966dbd8e6be247c1
SHA1 0fda9e3fc68bb1217855908ee091288faf4ef764
SHA256 281fb48f5dda44c297b6e64e5aea82c0e16929bd82d5fa9212353b6eea2f9c60
SHA512 125025d3e3ac2dd6505f81ba62e433bfc5e494ff67bbc4b838ffdfaa414746d2c74eb070a9a63bf09d2ba2a995f6a651b390aa34d96130fbf06e09f2a2a47fe9

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 01:09
Reported: 2024-06-13 01:12
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe"

Signatures

Renames multiple (5183) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\52a5697ca490d084e2fd65912a926310_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 a07058f1aa22eccecf664d5636811f1b
SHA1 59005171f7ff21e6206b24629b47dea19f19a86c
SHA256 c4db64ab0d6dcb855112fe93d2227e0e6b7a69ccb5a8bcb3601590d1b81a3597
SHA512 c5b10855d7a21a6867c9e7c848e4da87e2b88986a2c0438fd8f4c95844bd2854e63521a1c6441d86c0efac989f2e6fca617bcb9f2ad6e48b02c40a510500c4dd

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b5a9e934f64a68963c6b00f4f0dc0d32
SHA1 a9c58a462863f886909ce3f22b1d5b7ebf61d4fc
SHA256 8a509b1072ba3a4d3e7cecce95c25205e6b0c2dde2aa56c0ea1689765d5abbbd
SHA512 5e6388d5bb1c62502e366ba0d5b9f26f47f6326438fe0fcee3ce22165e9b3c643fe97d437e414ebbd19c132df5923953f456b47769f5477c36d5f261e10621b7