Malware Analysis Report

2024-09-23 05:12

Sample ID 240613-e8byzsxhnk
Target 5f0057bb09387ab0e6eca822a10135b0_NeikiAnalytics.exe
SHA256 81eeac4e328dbb89ca53a9bdfdf67abb4f83b5b4c638e2ce2ee2d118cd80f2e2
Tags ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 5f0057bb09387ab0e6eca822a10135b0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3448) files with added filename extension

Renames multiple (5198) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 04:36

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 04:36
Reported 2024-06-13 04:38
Platform win7-20231129-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f0057bb09387ab0e6eca822a10135b0_NeikiAnalytics.exe"

Signatures

Renames multiple (3448) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5f0057bb09387ab0e6eca822a10135b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5f0057bb09387ab0e6eca822a10135b0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 04:36
Reported 2024-06-13 04:38
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f0057bb09387ab0e6eca822a10135b0_NeikiAnalytics.exe"

Signatures

Renames multiple (5198) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5f0057bb09387ab0e6eca822a10135b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5f0057bb09387ab0e6eca822a10135b0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp
