Malware Analysis Report

2024-09-23 05:01

Sample ID 240613-jk9mkatelp
Target 6a1836ec407359ec0a027fa7f1325c30_NeikiAnalytics.exe
SHA256 69d381cb78c03f088c83fda3c299a540e032083a7e90afbe30cfa34368381c00
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

69d381cb78c03f088c83fda3c299a540e032083a7e90afbe30cfa34368381c00

Threat Level: Likely malicious

The file 6a1836ec407359ec0a027fa7f1325c30_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5352) files with added filename extension

Renames multiple (3531) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:44

Reported

2024-06-13 07:47

Platform

win7-20240221-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6a1836ec407359ec0a027fa7f1325c30_NeikiAnalytics.exe"

Signatures

Renames multiple (3531) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6a1836ec407359ec0a027fa7f1325c30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6a1836ec407359ec0a027fa7f1325c30_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 187dc8978a4b6dcfd2d3a8b8df6ed0f7
SHA1 1ae06f91233043705c4293850b1caff72e300a88
SHA256 ea94c94e65f2d8c7299af33a50d352bcbd28285890dda8259bdf2cd9e13db394
SHA512 f5b84a0752439a21a159f56a9df5797072d2cec3d4a9aafa61193a424af39aad3722c428dc1a3c1481e0e4af82d1e856683332cf54e7aab2fe406fba5813168b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4e429acb1de3eecdc5e418a0f09c6c63
SHA1 096775d90ea0f210542f91ba3f8ea085ecc03b3f
SHA256 9fed7037e7073fc25b6c6829907c98128c9fc8179e90e3f4134ce56cbb90689a
SHA512 41630a6b3e508d323bf6ff5cd4e9ab999861e297d836306417b22b786d35ac63286601ed461f209acfb5fbbd31e351941d12fe4c9c4d13e1b0a93a46981372ca

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:44

Reported

2024-06-13 07:47

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6a1836ec407359ec0a027fa7f1325c30_NeikiAnalytics.exe"

Signatures

Renames multiple (5352) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6a1836ec407359ec0a027fa7f1325c30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6a1836ec407359ec0a027fa7f1325c30_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 bf434ae291f3e35711c18e45510aebba
SHA1 e30ee9f7de9a89001186a542dc228b6a27ec7ba5
SHA256 e5f110fa99d08606c9fd530119233ce66c749d2e8397175ad1663f227fd1fec4
SHA512 fa125715d4352c849c58a976c85446c1fe25aa6a22b435b299d12671a5777291965d7eadb420507f28c3040958046585e38f262b36e756cacbe617698166695a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ae6a0445790a15aa075199107ed7d157
SHA1 e5e1e386ac95998a0bfae2d52165430ffc2a2a53
SHA256 1f631eafef4f742324178e5055859468889d7c1f0850578db775d89eb3b2a308
SHA512 de30a8a069dedee3eb48d3f51d988e4a20a4bf1e28d408cba52fc76b624416e2f37de2a4d289a0e022e574327c220c68fb6cd1c9506635f1d665f988845cee83