Malware Analysis Report

2024-09-23 05:06

Sample ID 240613-fmzzcsyemj
Target 6078970919726b58273b779624e84a90_NeikiAnalytics.exe
SHA256 f01b3b24d38450ca548355ce94e731cd2af086a0550fe3de08843542c642ddb8
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

f01b3b24d38450ca548355ce94e731cd2af086a0550fe3de08843542c642ddb8

Threat Level: Likely malicious

The file 6078970919726b58273b779624e84a90_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3509) files with added filename extension

Renames multiple (5196) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:00

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:00

Reported

2024-06-13 05:02

Platform

win7-20240611-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe"

Signatures

Renames multiple (3509) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\release.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7-zip.chm.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7zG.exe.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\RestartUndo.cab.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 72cece605757e35c13805faca6d7d954
SHA1 b72a08cc75bae5c10881e63e09ee721f768e8c52
SHA256 f35cf2738fe628e3b71141688030855fba1108fde9e7961310a7301146f75a55
SHA512 59e1863c1a826d5340fb9a3f7e89e91badb33dcc688ba5153c7e2b88fd13d89c9e967fed7544b2e56781ecbf54a4e671993a47846786b8fa9e3e15a5ac5d29e8

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6bea19e9c4c5d095548ccc9a6a180843
SHA1 da3593badd8d15630a2957aadfac94199b70576d
SHA256 c95f1b53b9c8c4648b947ded9e932954ea39a60a230d4f14b1ef2ec485ccf83f
SHA512 b304f3715c0508735950c98b4ad28939482831d4f45366ef6792012b6592f8ce6b56487f839f4bbef62290c6e1dd3997cc65ec4dca02ee5350c957ca50e4e71d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:00

Reported

2024-06-13 05:02

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe"

Signatures

Renames multiple (5196) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XML.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.Registry.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\uz.txt.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.ResourceManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwcapitalized.dotx.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PenImc_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado15.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6078970919726b58273b779624e84a90_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 3c88b8d5e95ea7abb5e96ed8824ec5e7
SHA1 3ad5402d6e05b173702ae68017fba3aefde8062c
SHA256 1b1d845fa98f6acb7617345a1eb0ec0cb2dd672d391d112e3015d37a3d4f9d81
SHA512 b1a91737494add5771cb384a5863470df232eea0f2c9bf72a1363ad732053ef163787910bdae48f7c16a08ee298c3260ca67a2ff94f1054d911af0ac3f7b60cf

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 cfc32319b66caa4f42f937a1db0e3456
SHA1 b2202e276ef2308677d3479259c43f607269256e
SHA256 f399f30f6da323aa5d2aa58cc554f59677725b1efa6846c38e28f7151d8e9f91
SHA512 f671681dc0e7a4f5bdc552bbf22de9cd80155f92a61210576d9d46458e01f73a774690bc3eb3782defaf947e62755f3b27bcb98cb547eb203a23e69782a7d7f1