Malware Analysis Report

2024-09-09 20:23

Sample ID 240614-b3nh2szgld
Target 97ddcee07bd96d60c31d40a16e9f6560_NeikiAnalytics.exe
SHA256 6c604987f3053461843438c98c6753f1c0dc878325280ad786df51db57180ee4
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

6c604987f3053461843438c98c6753f1c0dc878325280ad786df51db57180ee4

Threat Level: Likely malicious

The file 97ddcee07bd96d60c31d40a16e9f6560_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3435) files with added filename extension

Renames multiple (4722) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:40

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:40

Reported

2024-06-14 01:42

Platform

win7-20240220-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\97ddcee07bd96d60c31d40a16e9f6560_NeikiAnalytics.exe"

Signatures

Renames multiple (3435) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\97ddcee07bd96d60c31d40a16e9f6560_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\97ddcee07bd96d60c31d40a16e9f6560_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 dc0b1fe1fb5cbf1216fc669d4b5f3cce
SHA1 9c12f1aba911deb21d80fe19a2944561d174ddfc
SHA256 d38678c0f862a68164cab1dfaea3be85276a1d0b86bd626df18b95d1fc0cc2eb
SHA512 dcc6d20d8fa36200d613bd0c0f6ed373e7bef1dfdbd0f4e294b7b2054b96a80fae87f66c174a6f75b6c6f655e79448c41fb6a7e64836103530a94e82968b9c21

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 850ad828dc166a24f1c9f11c19fddef1
SHA1 171b11449f5552433e32723d731e26716c5651f3
SHA256 07bc60c79877e14b5c3aa18a7a1864a3c8b819b6ea73b0dedef459f0edfbc1a2
SHA512 bacc97d00aa7497246f57a7ab5de561a0cfe39cbc59db96678d40ce6cd382cf24b5df8460caae79bba43aae4e9a7c46af7655d4c9a244fa70905b4f20d7f67a1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:40

Reported

2024-06-14 01:42

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\97ddcee07bd96d60c31d40a16e9f6560_NeikiAnalytics.exe"

Signatures

Renames multiple (4722) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\97ddcee07bd96d60c31d40a16e9f6560_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\97ddcee07bd96d60c31d40a16e9f6560_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 8682ce2d9bc5b9e8e68bfa8a2cab83b1
SHA1 83b0f8bf794b2ece607f12c3b5cc13b7ee95893e
SHA256 996f349f91435466ec423a78f4219d4a20657dd9d80fdcdcabd722c6b0f3a564
SHA512 7856547df4990b8f7d5aa8dfc9c9f9aa18a0b4e720ece617a89ca8d8740dc494e34fc8800f733e7b247835eaaf26cc38aaee4797f2efc2f5e6324c9d9d695511

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 27a2b74ed9833ce276f8d386fd1c79a3
SHA1 1d25651d61d71bba265c0b974c59c23ba16728dc
SHA256 687991e14c8f57b8e9ac7265f51ada276ff18e009d9b464ab1e548c49c33887a
SHA512 0d11b369bb4a6402a3cbc5700f1131853c6a6c65c7f3aa2d762947be5c65ed33403c1d9000668d72b4b01eee4850aa99f558fd2d1644293f83d4a71490e3c59b