Malware Analysis Report

2024-09-23 05:12

Sample ID 240613-e5geasthnf
Target 5eaed966f7f9eee249a50a0b0e270830_NeikiAnalytics.exe
SHA256 2e8e0546d8b7c1beddc9ed9f8bd28c69cdce639cef9f75c01c3c3992b5c536a1
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 2e8e0546d8b7c1beddc9ed9f8bd28c69cdce639cef9f75c01c3c3992b5c536a1

Threat Level: Likely malicious

The file 5eaed966f7f9eee249a50a0b0e270830_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3745) files with added filename extension

Renames multiple (5265) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 04:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 04:31
Reported 2024-06-13 04:33
Platform win7-20240508-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5eaed966f7f9eee249a50a0b0e270830_NeikiAnalytics.exe"

Signatures

Renames multiple (3745) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5eaed966f7f9eee249a50a0b0e270830_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5eaed966f7f9eee249a50a0b0e270830_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 81848e270a105885d8d9d7c53ab58c31
SHA1 55dad75e85e0fc9f86d97062d85cefe52469042e
SHA256 77ddba51be0253495e61827661e133446cb9ba6a4e2db84ac7933c06d80e18d7
SHA512 f3c03ee6a2e13c31ee4085305532981d159c01babd4968896f388c0b058149e14eb2401169ae8c3f91ffbbbfb7e156ce91adbe5414ba97f692b78dbf1e86a3f0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 56f84d85520b5446b4eda7872c024c92
SHA1 33d146a0cd6f4b4e296ede3b95647b7347624067
SHA256 43d4d54aa24786b95f10c3de2a3003f355d7ac29d2335f55a7f767ad2a92f46f
SHA512 8dd49fdbebd9c18b921ec704e977da27619c511c99cc9c9a2b5466059ac1253d8dda18e463a93c39098b3562314deaa9c3924a4d59509c742f33a9d0ef54243a

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 04:31
Reported 2024-06-13 04:33
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5eaed966f7f9eee249a50a0b0e270830_NeikiAnalytics.exe"

Signatures

Renames multiple (5265) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5eaed966f7f9eee249a50a0b0e270830_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5eaed966f7f9eee249a50a0b0e270830_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4224,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=4020 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 00056e561a4605c513f975ff34c02785
SHA1 54baf2de9638badcc22eb34253d9c78d1168544e
SHA256 cc9a62667f0e916b22561469f9d8564bc32320ba39a4570795bd6c78422ef8ec
SHA512 9123dd77e11a0cbcc9f57eb3cb2147dfe61401be4dc9cdbdcb83c979355094cd0ab2da687b2c8972ef62c834b6dc9f4ec1780c24a7baefe6f2a6d8db09a56827

C:\Program Files\7-Zip\7-zip.chm.exe

MD5 7cd4f93a89b9591c8c78ed2d8692b8dd
SHA1 df95a69a1cc90366c9464da68cdd1e5f472106ad
SHA256 ebf1e9e9698a59dc465811ae22765a20f88cfb8b79d8054ff7912e05fa632238
SHA512 56f4bfb2cd295a4297b8a073aa61dffad7d6692f5137d4da9fb183e329e11d741196a859134a61f9335b2705d529e129dbd5ea5c860c15a20511809db5c340c2