Malware Analysis Report

2024-09-23 05:12

Sample ID 240613-k9df4aself
Target 700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe
SHA256 10ab518e4b431376e66fec14c0ef923ff044aea5565bbe426af80e8fa9b4f0a9
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

10ab518e4b431376e66fec14c0ef923ff044aea5565bbe426af80e8fa9b4f0a9

Threat Level: Likely malicious

The file 700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3502) files with added filename extension

Renames multiple (5012) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:17

Reported

2024-06-13 09:20

Platform

win7-20240220-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe"

Signatures

Renames multiple (3502) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\Accessories\fr-FR\wordpad.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\License.txt.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 29087e7c620827e6182ca14f75d22ff4
SHA1 1a0477dc51bad35fcf9daf79347c12200cbadacf
SHA256 881073335f3692159377e2e8b2eb9bdf4ceb3f142290348c9eaba261992d099a
SHA512 238e7193ebf09e8f154d464de6251fbac46d89618d81869311c48dd60ca47406075df48e57c19d442b612b415c0420f174757d8fee86094784d565837ae6091d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ec1c81dee764a40e0662d3e3c43f40f3
SHA1 425e7e0905a9b34206bc9adbe55c52a14c345da8
SHA256 1d85506376720107ffdc654e1af9485c5d6d4c3f4f6e59366154c85c66ee35ef
SHA512 9f9b2f697d2cef1b40943eb9b326850c189cf19071a49e4852c87dd3143a6b28d00536a34bb998e5e5be6cf77cd6841e9c2e718c5bca0aa0127d53979dd1e730

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:17

Reported

2024-06-13 09:20

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe"

Signatures

Renames multiple (5012) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.HttpListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.CoreLib.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\images\bing.ico.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.Lightweight.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Annotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock.png.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN121.XML.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\eventlog_provider.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\700dcf9ff442d2e36761477ad3522a50_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 23.62.61.57:443 www.bing.com tcp
US 8.8.8.8:53 57.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 a73f37ef723c910c0d1ec4ac920e3c52
SHA1 4fbb79ff0c4fb50cb05db1b70bdf8a15ca7b92f6
SHA256 002d618099f4595de12c0b0a060592d30bf82909e08774070f352c24ac7bc0dd
SHA512 40d5399f2970ef16b2b40583c42e9eca8baf4dbc05f582ff56d0cd5eb36526c297c283b8b6ce110b23a4e8fee996aad6d6571e93f2c9f2b5be02cdf2b79c43e1

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8b67194e44ded1513ed35c82ca4f19aa
SHA1 8887eb55048e876dfede8e2cb45a39ccf45d0f75
SHA256 f4a297771a9dbbcd602676dec08482fc3432db258415dcca3939129fc78b9566
SHA512 207d45fe25a42c556f7be5ca2918f866d0a245802e22bbe9557b6ed12176a88316072d8b1a50b1360ca80164a556d431e2d92d3a65451eb4523761a279dbac62