Malware Analysis Report

2024-09-09 20:24

Sample ID 240614-ajamea1bqn
Target 9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe
SHA256 cb9cca343eac805bc2fd4f063850bf5c92c908cb542917de3978849d0b39e432
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 cb9cca343eac805bc2fd4f063850bf5c92c908cb542917de3978849d0b39e432

Threat Level: Likely malicious

The file 9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3441) files with added filename extension

Renames multiple (4841) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 00:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 00:14
Reported 2024-06-14 00:16
Platform win7-20240220-en
Max time kernel 149s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe"

Signatures

Renames multiple (3441) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 5c59c8f6fca17dbb7ab9b49c6e3b2c07
SHA1 fd2c7e0d117109bf9c9dd5680c7cc7d38a80146a
SHA256 5de7f43fadb6974e5fa3dd016729eaf81efcd1db8ef45bf0177e61e511ab3fcc
SHA512 d83e01eb71e3f83eeb00c2c6b7779ecd2862367a74b2931e542573cb948acd0c0f7a070d9c2b515fc41dab838fcc6a3529c7512e50335dc828682e98b86f23cf

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2d399216a8e2451b2ecb59010d46e989
SHA1 471055379c50462e75fe0a4338e35e8b26e3af7f
SHA256 fcc4c0099ad9fa2d6a043c2e5d6a84bc01b53ddbd71032299905dfebe3b9c8e7
SHA512 487cc9ac97368c4a548b2ec123e7f1747519ccc0208d05d06173c8cf70526643640584965cb9de374b3d2db27ac7e49bb41ebf882973328f587c566e27cceff3

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 00:14
Reported 2024-06-14 00:16
Platform win10v2004-20240611-en
Max time kernel 150s
Max time network 97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe"

Signatures

Renames multiple (4841) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9289fd99f70be68574d1c49db1797280_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 32.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 b9f9fd3697d47c7295a9efa152113d8e
SHA1 d9404bbdc7b9dea6c2ebafb88d917220c5e0af54
SHA256 0914371e6270eded0af61d6cbbd3a4de01a0f87ca65b4367c90a87bbaf7549f5
SHA512 873d4b203e477f477aa4e8cd3f867b711d0d42dfd738ff16070249c2bf8987b7d2edc28c100a3460de7e900a54f751d1f3e8630bf959cacac66ba3d2fbfa4154

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c326f1c876edb209455481da8ce19791
SHA1 f64b75f6c03f1cc9d1409cdf90ff9cc8a5abcdc8
SHA256 07db30b2446b80155f45b5c935f1164004c201e8c6deb2d1aaef2557196fc548
SHA512 b3a318425911b92a55fdb760b1f3d2a1a8dc475ac6b558735f747ac223990a50022a201b66abffcfd212de42eb053421d0764438b81ef20e7ecb59eb2d2a9cd0