Malware Analysis Report

2024-09-09 20:24

Sample ID 240614-asemqa1enp
Target 93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe
SHA256 a7af1dd21059b587a6c9374eec9f62fd2790123b3a4801a918575ea077a803f4
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

a7af1dd21059b587a6c9374eec9f62fd2790123b3a4801a918575ea077a803f4

Threat Level: Likely malicious

The file 93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5195) files with added filename extension

Renames multiple (3681) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 00:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 00:28

Reported

2024-06-14 00:30

Platform

win7-20240611-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe"

Signatures

Renames multiple (3681) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 dc13c7bb6ff3f275830ac20bcf140f4b
SHA1 c0ba1f5e03cb21bd8eb657962eac2f120c94fce0
SHA256 90d2a61d36eb98a37c3602d32137f31742e59a202fe42a255ece7c365b9d0205
SHA512 7550d0886eb0c9d4e8995ab4d8aec2091bac799c14c4b0cc8e404e64f5d131f2a500bc4e1cd92dd7e76b5ae32a885af72b0568d3b9954dc1086ad7f9377abb54

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e7c55ea8b9b9530f8a9fb3087555096f
SHA1 e69304fa89d852837162d153f721dad8279ffc69
SHA256 6bc7e3ff537119617c3e78de89421af7b90d043f93b8e0d56b3b8d148c280cdd
SHA512 2b2f96237bbecd100ef9622c8308bfab4329cbd4cfb3c4d41cbddb011b7695641c05a817b27585bb80329f48d990123102416d43a96904bc5a8bf2f989db5960

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 00:28

Reported

2024-06-14 00:30

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe"

Signatures

Renames multiple (5195) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\93a26fbd7f4d45de8470a0abaa76c6f0_NeikiAnalytics.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 2e5837763414382f7e0a7f6fd81ea8c8
SHA1 085ade6c55cc3c17590c4d15fb332bde2f5904cd
SHA256 d9b6b01c8efe45b731a779a477f0c6ec8ab7c03c47459dac2736c9a57755b887
SHA512 bdb9ba97513bfbf9ecc41cab107162dff85aa1b67a5b0c48d3a46c9390402501a3928fd05bb8bbc210a6e8d781293e16903f18f9072188e5a49146a697f481f9

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 641b2d6b45a91757a6745d9f93ce404c
SHA1 42ec11b0ac135bce6a6eff9fc066fb35f7e85a81
SHA256 1ce7c9b13f3469f7f767de41748178294d340938c9674d958108c2fa95db0ffe
SHA512 53cf953dbeae677f1cd7bf30af3d7b811cbf1aefde9fde18db45e373bd1ddfcb3a5d46c7c617b386079193ccf69d14d2d28c1dcf755fc56383877b227a0bcc34