Malware Analysis Report

2024-09-23 05:00

Sample ID: 240613-jksdaatelj
Target: 6a0e03ab790f94bf0b13a38cddfae390_NeikiAnalytics.exe
SHA256: 0d115048448a23b253f799eeb0a6dd31893955879c3e94993937f03767b56ffe
Tags: ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 6a0e03ab790f94bf0b13a38cddfae390_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3617) files with added filename extension

Renames multiple (5022) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 07:44

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 07:44
Reported: 2024-06-13 07:46
Platform: win7-20240611-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6a0e03ab790f94bf0b13a38cddfae390_NeikiAnalytics.exe"

Signatures

Renames multiple (3617) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\6a0e03ab790f94bf0b13a38cddfae390_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6a0e03ab790f94bf0b13a38cddfae390_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 184ccf5bdc09b64efffb05a002ac53de
SHA1 52c6db9945d4cfe2c9289a26d738e052f753c693
SHA256 6adf55c76e6c42d75462ca2cdd0ccc020b6dd135856a45264b6bdfdbb72a1ad7
SHA512 84d6aff3713f4110e106e9ae0b7d6cecc2cf11a1f4234ac574dfc31d21158a8ce89b67e767d151881df1e05b6fdfdc00bb5d309d9b08dcc0e02803781323ef0b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6eb7f82a2a773597df7963c29ef374a0
SHA1 dcaaeef67a8404ea3504f18de7cebea65a7b719b
SHA256 db03e0da34fa2e2566ec2f1f042ce9a2709a489a73058e1d4f3e3d1f6c2f221b
SHA512 8ae00bfbe3eb9320c3f6e31e47548f9d2495624b387731919fe5f31809bf5e8361e27f4b6ad1a396bcbcfbd9999f45aed240fb08a262ed4f42abcb4699283be5

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 07:44
Reported: 2024-06-13 07:46
Platform: win10v2004-20240611-en
Max time kernel: 149s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6a0e03ab790f94bf0b13a38cddfae390_NeikiAnalytics.exe"

Signatures

Renames multiple (5022) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\6a0e03ab790f94bf0b13a38cddfae390_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6a0e03ab790f94bf0b13a38cddfae390_NeikiAnalytics.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 212d4b86e662f21884cf964c77d6afa5
SHA1 b4917b3b0600d9ab4a155203c7fa222fcb407bd6
SHA256 4032cd2b3ec19bb202e5652fda56788ec82ca493ed799bb5f27a9b2702d134aa
SHA512 e5964cef74918d809533e1fdd3065b9330dd945aedecee0a592aafc9d1bcb9ab87070ae68d8ea98b889d8e4e47397591894d4c4831bfd1af3fd9e764d8957d6e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 00b6ca1aac7340ef164e119baa696cb9
SHA1 39bdbd9b35b20e8761271d1934da71e326fb26ab
SHA256 f66e7021ff5d1d3da886ba925882673af844cb554d6db889cf25d8634d842595
SHA512 b221fe9508491e0c987744491833bc4efe4d540a20b666b504f242a0afb8a66a3ee4c35489ea1bfc59c11ea72971e47d0a59180fb28fb31d0bc86b146c748218