Malware Analysis Report

2024-09-23 05:02

Sample ID 240613-klswwa1fnh
Target 6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe
SHA256 4cc74ad0643dcbcea3a07296dcd79b49a87eb8b638e4a63d032d781ddc79b326
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

4cc74ad0643dcbcea3a07296dcd79b49a87eb8b638e4a63d032d781ddc79b326

Threat Level: Likely malicious

The file 6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (4124) files with added filename extension

Renames multiple (5217) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:41

Reported

2024-06-13 08:44

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe"

Signatures

Renames multiple (4124) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\security\java.security.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MUOPTIN.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\localizedSettings.css.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\MSOSV.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Spelling.api.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\RSSFeeds.js.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\resources.jar.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\slideShow.js.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Atikokan.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2native.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadds.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 e14267f920b8495c276b5aeb9c7cdc2e
SHA1 fb5105b09f1996968050c50b8b30daefbbda4630
SHA256 531c30af7d273a40360071c57ecbf1d7275e2b4d8a4ed6a0dd1604a3dcb999fe
SHA512 9971f2ecd88e1f747d04d0ec02928de63a99c2d18529898a3535fe5d723b5e4419e85d0210a637288abb5b4a26fdfd081ba5b286f150beadd1d30728cd5ba360

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 da7291ea3264e3e8c0c1a9bb11fda7e4
SHA1 a00df9797e6a49c57a065117975f54a269cb19d7
SHA256 32b38d19efc86a3be29d13cc8e96409f893834f0bb3db62cc447b1f046bb4e43
SHA512 7ece12f90e130f7c122625efcebe5ab4991e95048607ce46d27141f242459013cb5acfb89b7d64cd13550e3cfe75642a1ea368654f25b8f0a9d599288414fb86

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:41

Reported

2024-06-13 08:44

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5217) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL111.XML.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Buffers.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAB.TTF.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_elf.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUABI.TTF.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ps.txt.tmp C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6daca61f96e33dff0139ed84b1a120c0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 225.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 b3a8df4ecc49be66354f33fac93e3646
SHA1 9ff153dcb1c7e29648497f0d1cc3d893446f15aa
SHA256 0727ce4885c56049cf88698eb6a81a9a4bedeae7eeadcc92c14c2c59b2ec2daf
SHA512 69a07b9b7afa71e01d3b9923baae03dc62dc5ea9a7b309db3aba351346b0b6c075efe035f58ce780c1a7f3f88c4d4c04dfe76427ae85fff742f285b1c695f246

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ecd9eda1321c7128d94eedd6ed3736dc
SHA1 99a284d8084f9ca49fb458ab70ef081157040ef7
SHA256 a4f03143738765c987704fb02b94acebfeba44d041988bd557d15ea18e3e0d16
SHA512 dd7fbb4af7e97cdfd552f7b861f1d1b6d96fa618b9c53cebe27dcc8233d42376568ae81774caba6faead87d5ebba0e8b4fe15965ed86d917dbada9e4147e6c6a