Malware Analysis Report

2024-09-23 05:01

Sample ID 240613-jnbvpsteqq
Target 6a53ab36358b32c55a21bb450344cfc0_NeikiAnalytics.exe
SHA256 d18db4a24195c4554b3d149cbf80cbae7ca7052a53002cb1f5c8ca08becd6d1d
Tags ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 6a53ab36358b32c55a21bb450344cfc0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3771) files with added filename extension

Renames multiple (4909) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 07:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 07:48
Reported 2024-06-13 07:51
Platform win7-20240508-en
Max time kernel 150s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6a53ab36358b32c55a21bb450344cfc0_NeikiAnalytics.exe"

Signatures

Renames multiple (3771) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\6a53ab36358b32c55a21bb450344cfc0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6a53ab36358b32c55a21bb450344cfc0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 07:48
Reported 2024-06-13 07:51
Platform win10v2004-20240611-en
Max time kernel 150s
Max time network 93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6a53ab36358b32c55a21bb450344cfc0_NeikiAnalytics.exe"

Signatures

Renames multiple (4909) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\6a53ab36358b32c55a21bb450344cfc0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6a53ab36358b32c55a21bb450344cfc0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 234.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp
