Malware Analysis Report

2024-09-23 05:05

Sample ID 240613-ej24watdjd
Target 5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe
SHA256 d7c5b569e3fd8e2a01d874595a5c03b06a6377aa966d36bf2128d6e66e8b0c17
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d7c5b569e3fd8e2a01d874595a5c03b06a6377aa966d36bf2128d6e66e8b0c17

Threat Level: Likely malicious

The file 5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3725) files with added filename extension

Renames multiple (5247) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 03:59

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 03:59

Reported

2024-06-13 04:01

Platform

win7-20240419-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe"

Signatures

Renames multiple (3725) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\JNTFiltr.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\dicjp.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\EURO\MSOEURO.DLL.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msader15.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\ja-JP\WMPSideShowGadget.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\bn.txt.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\wmpconfig.exe.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\adovbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\clock.css.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 38e284d14cd5357f7ab2e4b0b0810168
SHA1 37ab3c5b450ba81e3623bf0209a1db4a24c61438
SHA256 9b9b32105ff8db5dc1d066edd0b5c7ac566b566b5117111b66e4875258647730
SHA512 3b60f824b2970ebab9c648d501c62fb63524396ed7517cdcedd0d2d17ea4c3561263de0554a5188155a46751788157a6a83021b2b2bc33b43880b9ac2aec8077

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 029868dfc0f5cf2a662183352ea81304
SHA1 1f5ddc0655e8c0fd01f0c26103390c658212db21
SHA256 d5770251bce0fe2298bdac9c220d14dd946aa29d8add2e84ae1a3692dc94a352
SHA512 3e95bc982b9aaf3f712a5f814bad0989e862907ff86168ebb67ea36591fd4366e97761e985546e03c2e1dc807775b75cfbbd99ae8ccace277d95d20ca825363a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 03:59

Reported

2024-06-13 04:01

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe"

Signatures

Renames multiple (5247) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\msvcp120.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.cpl.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\powerpoint.x-none.msi.16.x-none.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONE.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_EN.LEX.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\TellMeRuntime.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\VVIEWER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr\default.jfc.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSI.TTF.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Services\verisign.bmp.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5c97e1267129e664a5ecd987dabd1270_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 768abe688d8d0c492edf52ea46bc10b2
SHA1 c06a7ed084ea5800cc41bbc838a03d5c354f9b21
SHA256 67e8e4eabdb5e26e1050519e175c7964322f9e886a64c9125a322d1a030ba134
SHA512 2e5cf662db85c989689e381bfc284162c7168063fe036fc5d06ba3b46f9ca3886631f238cc52efaea739674691ade1de17ff2390e708d1b2d1a6db6efba7a686

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ca3c3b6420284bb624d1e1363049aaab
SHA1 7f9ebd878521880eb8efcfa3d22f13a1bfd7148a
SHA256 8265010647b1223c27615bec69a9ae3da052cd2d539e0497ebe22b0274756e2e
SHA512 841064507c58cdf40cc7654fb4fbf53898fa9eeb2d4cee1fe3bc73b3bf83cef23d935ab1970be9c0bdf1d0022b854f7ca3f4d1cae6b1aed1df34e1e54ea2d7ef