Malware Analysis Report

2024-09-23 05:08

Sample ID 240613-ccyf1atflj
Target 552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe
SHA256 f16c5e2a6af2844e0d5104681625cb37e3a25ee88a990abf5e7f6f9a8f38be93
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

f16c5e2a6af2844e0d5104681625cb37e3a25ee88a990abf5e7f6f9a8f38be93

Threat Level: Likely malicious

The file 552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3088) files with added filename extension

Renames multiple (4843) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:56

Reported

2024-06-13 01:59

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe"

Signatures

Renames multiple (3088) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\ro.txt.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ne.txt.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\io.txt.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 1e49671d5672205244c96560b29b6fd9
SHA1 72af74522bf9c34a5cc5d01e7b8d9bbfa5bdc06d
SHA256 b0c57caa5ccdf3b9df3bc8789382e7c3405108d8fca324ca8e6e55921b0a23bb
SHA512 fdb2e29b2e7eeaa125be0866ea3c8262736f55dc5b46817ff224126df323eb5c4a916a00fd26439d24f26a648201a1ff6d5b200a7c2ab6b998caaaab6aacdd54

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ec1b096187ceee5d23c796770fd61953
SHA1 d125db92fda5ab6f5667ece66c34a6b43b904522
SHA256 055a5b0dd222bcb8e1de7da80341ad8567ff7b15f9980a55fc24211c258faced
SHA512 72af31c5bde674ed4831a87369621b53db9338832c276f0150070034805f5caa527c806ec3d39de5757b93e06a118a84d88c0fc9bdbb3ddf436fb9c95ce7f58f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:56

Reported

2024-06-13 01:59

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe"

Signatures

Renames multiple (4843) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ja.txt.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.CoreLib.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\az.txt.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.Vectors.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL118.XML.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fur.txt.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN026.XML.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ug.txt.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaSansRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\552f8aca4f90d8c541947094a0791c40_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 3b82957b20894a6782edbcba96ba6030
SHA1 70dd8dfa241b1563207c550e4583643787ee1992
SHA256 4a3fb507ccd5999adbdbded617bd70dc4e8a9b513657366666a7b74c64d98e4e
SHA512 f876816191d7e839b7fe162fdf5f6321cc5842f42caddc51da68bf2b9860739bc3eaf36b30ab1ac60295a77dfe652d869d2510992baf6c4c5dd93d90161edbc0

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 68232ae7763355d49917f58622d5d7d1
SHA1 636401ce966a386d77b238014d753e0b5ad57ade
SHA256 cea9d9bfc99734d123b4f094223cc63c79e9d66ff3e2ccf30a5cf8649787c082
SHA512 5b23e021ae1d6eb5aac4c917c31ea36e3ce878416185f860a7692d31056bd6b1f5f8d8fee229457ae313ca8455540d7d25672ab3962ce36535bb80d29f03c940