Malware Analysis Report

2024-09-09 20:20

Sample ID 240614-axbfvsxgjb
Target 942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
SHA256 54a303cf834f2d2747d57597bda7e3f70dd39b64448dfc85ae3fe38316e07e9d
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

54a303cf834f2d2747d57597bda7e3f70dd39b64448dfc85ae3fe38316e07e9d

Threat Level: Likely malicious

The file 942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3458) files with added filename extension

Renames multiple (5039) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 00:35

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 00:35

Reported

2024-06-14 00:37

Platform

win7-20231129-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe"

Signatures

Renames multiple (3458) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\javacpl.exe.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\it-IT\JNTFiltr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\AssertBackup.vstx.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\net.properties.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 14c3eee35303c529e5d0e88608ef5361
SHA1 279bbae023c65e36af1daf25a4aecedb2beba086
SHA256 73241deabb7d8688653fef31b6951000ff06b0864af033a5704d72fed47f2690
SHA512 73c11a2e5e9f69746f61797fe8f6c3abc513842d50a21a389c69a39afcc6bdca3c215739c99bdeaea08fc1c2cd2bd47ef7e063caa6da51a69bfdfeb887f37603

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4b4160c57330516040429f636b3f45c7
SHA1 bc4dba6690e6de1f531c526524f2a65eb81ed165
SHA256 59123bd8fb70451f6535a9b63d81422929041606cae83e8737d8ae95a314b180
SHA512 44e27b9df50933b544fef784cb6d80269e72afb4ae1b2c1f81984d27f697a00d0a6c3d759a2397f7211043c6e5d2d4411bb3187314d97fcb3e5e5592393172f4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 00:35

Reported

2024-06-14 00:37

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe"

Signatures

Renames multiple (5039) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.DispatchProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-GB.pak.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoianetutil.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\readme.txt.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.exe.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql70.xsl.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hr.txt.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\BHOINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Data.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\ConvertResolve.i64.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationClientSideProviders.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\POWERPNT.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\gl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable-dark.png.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 8ecc4d67d09701f814147ab9a8bb12a2
SHA1 dc5ace7fe58a416f2846c18aa56703f4574bc543
SHA256 f1a7ff8c6f9df7e97ef832cb9e173dac3bdac41dc852ecc877382358a14d4c69
SHA512 54370f52746fb5f0be3966e779899ef3e3c40ccb49beac71b53f27cd46d08f5b47c1db22007606f620ed0874a37845bf37f15d40ffb1a1c21cdbc7854c2edc3c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f0d11aa9d05a20c324f2893b8ddb2925
SHA1 1ff850f63f1561355b11a1933add469e72c6967a
SHA256 79525e1a2055852d652643bf7d8c922d125325d3b5079dd7e3d661edc1fa33b8
SHA512 b1b2047ebfbf729d5654a541a4182246a741b551ab5639c8cc9a881b4c02664a01f0b4c43aa621b49a38a421ba2126e91be09e52de3430240b9ef873ef4235f2