Malware Analysis Report

2024-09-23 05:09

Sample ID 240613-c1y3fa1eph
Target 578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe
SHA256 df6f0b61ff2f6ec34987955de90fb497ec42d84b3fcdbe142dd0dbaa662815a0
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 df6f0b61ff2f6ec34987955de90fb497ec42d84b3fcdbe142dd0dbaa662815a0

Threat Level: Likely malicious

The file 578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5038) files with added filename extension

Renames multiple (3752) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 02:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 02:33

Reported

2024-06-13 02:35

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe"

Signatures

Renames multiple (3752) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 e8393325048a045a6abf1c9b43ed7bd5
SHA1 3da57783c9e05f700cb8c6ef3996f3faa6e21d94
SHA256 327d98eb8952d0ea9af6ae38d299db0af55d9fd89034b53c202f7610805cf1d8
SHA512 c41fd42204f5b50dab2a6ce7aea8c93636acf6516d0befbe7e4da419386611841d04e0025a1fef0004926d113c92b8a2b071997349e04a50500925f8c5fc209e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7baeaa178de62521791d9883aa041d25
SHA1 35b4903549fe91c051410f13e6991e74509aaf9e
SHA256 221d52b954f84cf472def8d57d1516737cf7427f0719367d616de8cea1c9505f
SHA512 166fb3427acb66df0150983f9b9f9f1b6c35c7e986edff73e1d0267f8800b4883f2b5484573c10e28af5ac41ac9a8119c089ceef9c60d59bbcff41abb58067ab

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:33

Reported

2024-06-13 02:35

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe"

Signatures

Renames multiple (5038) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\578fad7450586bb046ad1668a64a9f30_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 ef36e616ef0f41ee4d421af0a1968e68
SHA1 c08f7fefd4b603e9c9de7bcceb94e83c43851d39
SHA256 bbbe76d887ad519ee687d1b8dba9058edf66b1045d58939b56fb6e60e3aebe74
SHA512 4c49d6de8e3fe07b2f8c30dd402fd053351add6a4e32499bc1a3582b800ab9a8b023795b2d6f688b7a67ca6d8ae31b7deaab5931d6b528d3e9b65a937508f595

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 70d1da15a3995d43240124c6934fb291
SHA1 f07dfdc307d64a7237aca31c64d6ad58f47723fa
SHA256 3a8982f3a98cb86dfbecda5dfaaf1f013d0d6761237bc39951d8695c424c3b32
SHA512 ae6e985c65fd0ca11bc158cf444ea0d670a4b6704ba41c60d1be78c345ca444fd3fc115dbf501e9c6e57e3e1e515384c7ea4f5416c57c815b98689ed468f6ed0