Malware Analysis Report

2024-09-23 05:01

Sample ID 240613-hcgq5s1hmq
Target 660a6ead6fa96191b02e3f4ef4b7dcc0_NeikiAnalytics.exe
SHA256 06d2a8b55b26067b2dd1392901b9a65b177f6e64fd8951aab411cd783e07076d
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

06d2a8b55b26067b2dd1392901b9a65b177f6e64fd8951aab411cd783e07076d

Threat Level: Likely malicious

The file 660a6ead6fa96191b02e3f4ef4b7dcc0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5299) files with added filename extension

Renames multiple (3672) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:35

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:35

Reported

2024-06-13 06:37

Platform

win7-20240611-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\660a6ead6fa96191b02e3f4ef4b7dcc0_NeikiAnalytics.exe"

Signatures

Renames multiple (3672) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\660a6ead6fa96191b02e3f4ef4b7dcc0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\660a6ead6fa96191b02e3f4ef4b7dcc0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2488-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 3f933d9f6fe2b961854c852fb95ce8ca
SHA1 5c67dec9b5b4c6fdb5beb82eba1141957d645be7
SHA256 6b06b2390907800eb2e09a7430f9e14ee88ef886cf4654556a4e86b89c29f30a
SHA512 e3a696ddf0ace42d670a62291f3376d7343ec1989e4e1563f00b3cdf3740cd358ea831ae7a6735a6ac3d939f0f27478758b7faafdfe39ab9ca401cac972fbf87

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ca3342a9f3cbfc9dbb1a697064630ca7
SHA1 61dc9ecc831ef7dc62d80c0b369e04947b74d0e9
SHA256 4f6fba7740ad89a061653a87675cd1488d1844750fae8d3f296342ee429eb61b
SHA512 d3709756fa68ab28350f4b30ad31c7eda8cc2d59c1a0346e2c1c439362faa35abfd3eb89ad70b6f9fdaed94bfada365f0420597409fc31585279ac8fb518a2da

memory/2488-648-0x0000000000400000-0x0000000000408000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:35

Reported

2024-06-13 06:37

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\660a6ead6fa96191b02e3f4ef4b7dcc0_NeikiAnalytics.exe"

Signatures

Renames multiple (5299) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\660a6ead6fa96191b02e3f4ef4b7dcc0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\660a6ead6fa96191b02e3f4ef4b7dcc0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/4808-0-0x0000000000400000-0x0000000000408000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 83de6f5939da082292a172df313e8ab7
SHA1 82a7fa799c8d6394ec733b8a580b4f3f36754bfb
SHA256 38c6dceb94dd4f5c8d9283004971c6c5e58b34daff124146937adc757cf5e3ac
SHA512 e247a2065bb79aa1bae80c0d5ab984b539a4a34b9f625407cd31c3627c86b625b8f3ca019426632c77096220ca8fb26bae6778a4d92d31fe88a1e0e516649667

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 fdaa881257d6564352972bdda8284f29
SHA1 b03012b9981a4387769458f7276e1f6ceb7251fa
SHA256 c324d316ccacf06cbde8a7a936614030cf9b4f8130d9e5b977efce7844fb4656
SHA512 c8f358fefa89cdb942e631a057e0221b5eff0a69ba3efaf4c9c924545e18f498d9fb9b3220dfa2d5ccf1c1c084b9627d87f94497cb3b9c3339d6b201b366f658