Malware Analysis Report

2024-09-23 05:05

Sample ID 240613-fn6hjayepl
Target 6084e4dc59ec4b013bb88c2189f1d2e0_NeikiAnalytics.exe
SHA256 019d59f21137aa6ef00ad5370475bd082a9a465aea44d88a0c75419049ec5f14
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10
SHA256 019d59f21137aa6ef00ad5370475bd082a9a465aea44d88a0c75419049ec5f14

Threat Level: Likely malicious

The file 6084e4dc59ec4b013bb88c2189f1d2e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3935) files with added filename extension

Renames multiple (5197) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 05:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 05:02
Reported 2024-06-13 05:04
Platform win7-20240508-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6084e4dc59ec4b013bb88c2189f1d2e0_NeikiAnalytics.exe"

Signatures

Renames multiple (3935) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\6084e4dc59ec4b013bb88c2189f1d2e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6084e4dc59ec4b013bb88c2189f1d2e0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 714c682e9d888945410fd0805e13ae9f
SHA1 a222f551c0019f8b7620614a8e01b50b92949bea
SHA256 41d3cef268dd58f904fc8330d4c9b55c8a6f49e52837d883e28920fef381fcc0
SHA512 eecee86a7f02f46384a27519e56d1a5f4d704748679fd7c54b53b7db5744a6875dbe81b43bbd06fe18efe46175dc9247901fd2a2769ce78d9716de7ac9066e6d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6b302fcb593987d99c34e098b9ba3408
SHA1 b19d19357819dbaf244bbc1633f544ce38ebdae0
SHA256 409ae6ca166dc9a82b5833e5d9f0ac7fd0de2a80fa01f786cde1e683555ac659
SHA512 18eba0107d864a4b5e7a2e39ddf68c767310991aa368991a8fc705be534d44b32eee6dc3d8f5a506b95f7035e1b2902cc3d98f141f81891dec6fe5805aa861cd

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 05:02
Reported 2024-06-13 05:04
Platform win10v2004-20240611-en
Max time kernel 150s
Max time network 96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6084e4dc59ec4b013bb88c2189f1d2e0_NeikiAnalytics.exe"

Signatures

Renames multiple (5197) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\6084e4dc59ec4b013bb88c2189f1d2e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6084e4dc59ec4b013bb88c2189f1d2e0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 f039ee09721bbb668e82e54ddfb72211
SHA1 dad82bb510fd4c857a3e8fac1e16a021406e3717
SHA256 8f7e4352add35b9065751e6d4a23db1659859b2a66b92f45743a8ff19e036ec5
SHA512 60ab53a317f320091846ee7817dc9fb66a73b010b9d08b96f5d5e1b43de5aebc651bd86f9fac6cb0e90b365a7ef543419d57f7c086ef3cf48200ce684a56f6c5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 72a881be6f658aa228a9b788611bab8d
SHA1 f6ad2690735891c25ab7b5259a2e9deb1dbdb00e
SHA256 34e4db8fda249f34f454f3d4d8c17574d838603086d0bf9f29438d78cca7a2c6
SHA512 0974aaf537210788a03a20dc7afd49bc8a64dfe6689f422d8a6f7277046459f5305b20976d7e18a783e47fb4b5c939c53eb1de81efe09e7ceed5a2fe7c86162a