Malware Analysis Report

2024-09-23 04:44

Sample ID 240614-a72e2asbqm
Target 9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe
SHA256 c829ca177554fd2e11a78b6a3d7b16845311d4826098a1cf5fade5cbbcf68f09
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

c829ca177554fd2e11a78b6a3d7b16845311d4826098a1cf5fade5cbbcf68f09

Threat Level: Likely malicious

The file 9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3433) files with added filename extension

Renames multiple (4876) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 00:52

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 00:52

Reported

2024-06-14 00:54

Platform

win7-20240611-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe"

Signatures

Renames multiple (3433) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\MSASCui.exe.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sq.txt.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\wmpnscfg.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 e5b185fd0b16eef69fc57713521eb645
SHA1 491b002671ab41403fb6ef2f99d00f3fe2196fc5
SHA256 2067b06c73374f68a27cc113430ae4c139120ffabc034e7862e008583c247523
SHA512 cd98ef45852bc5ebdbf016c2c0fdec8b21f70936d18021b8627e254f6f2c70abddedf483f7f19685e067d00b83bff3e858a9f7c5c36c8bee06b317463b0722e4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0d2e10767bbe3c5d66688c8fe28d8108
SHA1 0b0bd482882470f5a72e214a92a61dbecad3374f
SHA256 fbae152666ffcb588d23d16503410e560cfae3e7e8e69000d1999369596c4ef5
SHA512 0616585cb060fb19e260df126d21386dc472e01016db3d998d3f416710f06e9bb464b542b1db8b95879cd63cf52d4c8508d41bc25ff3b6d1372de6e6513e80f9

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 00:52

Reported

2024-06-14 00:54

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe"

Signatures

Renames multiple (4876) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fr.pak.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql120.xsl.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OCSCLIENTWIN32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OWSSUPP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\libeay32.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Royale.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\nashorn.jar.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7.wmv.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\va.txt.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\LICENSE.txt.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9508c6b25e63a5bf57331534ceb85e50_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 6.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 939329063d1ad12fb50d29d540699595
SHA1 9d716d8b12e5ee9c933cf50247b7a5adaac0f2b1
SHA256 fc3d095295cf35d3041574dc07539c5a73c6ae1f875746633d14acc106c41f59
SHA512 8e3b356f0d794137188451fe9256f34cd268c482d0465cb4ca6751f1d1fad246b19b1f9292278812753ed678486f3fedf20d7040d64adec3c4bc7091833959e9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2bc0d4f926b4320bce3b1e69ca4fdb6f
SHA1 320b75f190729d428c2f7f43d970d2ae03602d63
SHA256 b4e9c851239c5e2648a218cc8ec85f3f4a9f7736d4d4c373e8790bc3c88a6dae
SHA512 56e49f44bc66133027426ceb71b3b2ec27b88980b1b6267de28e393051b3fbb907a3ec9b4bdd160c64d0a6d6ca5e3cbbd48eb1b8c0b0b818e30153a46b404f85