Malware Analysis Report

2024-09-23 05:00

Sample ID 240613-hjw5eaxhqb
Target 66c94a851fe468400d9d5f0c85b5d960_NeikiAnalytics.exe
SHA256 fb4225d23968d337de43c87a9e8b8c8448583702e66d64c440aaff20d49e6ed3
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

fb4225d23968d337de43c87a9e8b8c8448583702e66d64c440aaff20d49e6ed3

Threat Level: Likely malicious

The file 66c94a851fe468400d9d5f0c85b5d960_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3797) files with added filename extension

Renames multiple (1851) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:46

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:46

Reported

2024-06-13 06:49

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\66c94a851fe468400d9d5f0c85b5d960_NeikiAnalytics.exe"

Signatures

Renames multiple (3797) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\66c94a851fe468400d9d5f0c85b5d960_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\66c94a851fe468400d9d5f0c85b5d960_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:46

Reported

2024-06-13 06:49

Platform

win10v2004-20240226-en

Max time kernel

149s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\66c94a851fe468400d9d5f0c85b5d960_NeikiAnalytics.exe"

Signatures

Renames multiple (1851) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\66c94a851fe468400d9d5f0c85b5d960_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\66c94a851fe468400d9d5f0c85b5d960_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3260 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8

Network

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

C:\libsmartscreen.dll.tmp
