Malware Analysis Report

2024-09-23 05:04

Sample ID 240613-ehp3xstcqa
Target 5c7706c9121c31392722a600709a3860_NeikiAnalytics.exe
SHA256 c84db088258081bde1df66949726c8475fc862ebf04cb2b0029d3adcd8f41277
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 c84db088258081bde1df66949726c8475fc862ebf04cb2b0029d3adcd8f41277

Threat Level: Likely malicious

The file 5c7706c9121c31392722a600709a3860_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3782) files with added filename extension

Renames multiple (5342) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 03:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 03:56
Reported 2024-06-13 03:59
Platform win7-20240611-en
Max time kernel 149s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c7706c9121c31392722a600709a3860_NeikiAnalytics.exe"

Signatures

Renames multiple (3782) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5c7706c9121c31392722a600709a3860_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5c7706c9121c31392722a600709a3860_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 f66045a51236536fa9cbf946a49f8fd1
SHA1 5762eb696c9e8c118e3e6f8ba9e538ec507608fa
SHA256 fedede76b911e26f8897d43b3b52cb96e241d1c1aa5d389a0baba14b0707c06b
SHA512 c890545da82c29a64dd7c1d85e7c52f523c2ece756526cf27c70819d22587139a4e9757e0a770c5aa2c2821f088c12c44851982f96863386b9a003e9ad637b95

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b4ee9ff5868819ba0ff19c4b8ee61759
SHA1 e922ca9fb2caa77a4e625fa1b617f34c78923e18
SHA256 1ff30cc599422bae247d2e1a6f834d2c78f8abd98bb0d2e96e0e45bee564af3f
SHA512 d0413a8904d1fcc7c41516b1588a5be7c2b9e42097637b17ad9b865c7d09cd7f528e8c4a077531121ce6eff50ca4d9638afea3b74d8c37b542f07917811553ba

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 03:56
Reported 2024-06-13 03:59
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c7706c9121c31392722a600709a3860_NeikiAnalytics.exe"

Signatures

Renames multiple (5342) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5c7706c9121c31392722a600709a3860_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5c7706c9121c31392722a600709a3860_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 9972d6fa81d588509045501b2adc2e2b
SHA1 0d7af206b8c0916d7f9c1b41ee155ea36a4a0cf7
SHA256 a15de274e826104809940f74bdd77f5ea7e5c49c00868ff91dddc80a9102a2a7
SHA512 42da9bfcad6d583460db55e59f0c56bb121736a6b14187123e09253d0b6497c5dbccb02f027dc6f50e8cf5dd70c013b3cf7db366fff54a9308e20e2578ce357f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d3ba74c952cd8a9ebc54249bf37b51bc
SHA1 f2c0a854c7c47289940cc8b2a97fa88772982425
SHA256 659b82f0b3ad189acbb7cf73244f67cac87ed9db0d811e2dde13ce6a1af71ed3
SHA512 a971b68fe0a439f40f03039f236ff0a3db1d9c7ed4b90bdc359956bde7ff9e49c9e3e7df5e89f9df4dcfb849855d52afd30097ae09da46e54ad8b893fa2b9cc6