Malware Analysis Report

2024-09-23 04:44

Sample ID 240614-bwvnsatdrk
Target 9741a0344ca97ff06b4801f9e7255b00_NeikiAnalytics.exe
SHA256 b3e2cb68e9e7abfe096d54cdd6072827da652c0916e55f41826e744633fd88ea
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

b3e2cb68e9e7abfe096d54cdd6072827da652c0916e55f41826e744633fd88ea

Threat Level: Likely malicious

The file 9741a0344ca97ff06b4801f9e7255b00_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5192) files with added filename extension

Renames multiple (3506) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:30

Reported

2024-06-14 01:32

Platform

win7-20240508-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9741a0344ca97ff06b4801f9e7255b00_NeikiAnalytics.exe"

Signatures

Renames multiple (3506) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9741a0344ca97ff06b4801f9e7255b00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9741a0344ca97ff06b4801f9e7255b00_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 ec9ee211f52e835ff203272058069358
SHA1 cfb24021a12a8021963e69ba14e1b15a0d9f92a8
SHA256 e763d72076189769d39d2f676d66e9a1791cd4cc3bdbd1f3003a84fee436a67e
SHA512 82ea9f2b721e73ed692652306209c4ef6a9b690a7c4f0269063c33dd11e3e9467ebbb2967c7a1bbcd7f0db6e6a7a139bb3c5c264f3d70fced35e6269b6108c18

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 32af4606a93ad40f6d84ab7a5fb6f307
SHA1 c6184d1e8e6482b8df8a0cd9c5d98a5bba8ae5ef
SHA256 0fc19cfffe3416eded2b47ecaad7341c9c1479a7a7f98934a13a3181cb1a4bce
SHA512 a68df8cac72bb98bf08afee51943381acd6f6324669131850d50161c0c223d98152741dbe33df0e0de48c33d764da1b7fc506ddf7260fe393d508890a00bed91

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:30

Reported

2024-06-14 01:32

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9741a0344ca97ff06b4801f9e7255b00_NeikiAnalytics.exe"

Signatures

Renames multiple (5192) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9741a0344ca97ff06b4801f9e7255b00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9741a0344ca97ff06b4801f9e7255b00_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 0fc3b83bd2bcc0a18e55d86ad00fbae7
SHA1 6646bcca8d25f18edd2296320dab1272b154fe05
SHA256 48a9ed2f4f135cdf8e39361a8db62917aefb07425e5626ccbe06956801d49de1
SHA512 247d6eafe5f85b09cccd86a4160aa3ccfe94d35d12aa2af36082e6763f86587457a56fc5902cfab780e607dc166fad92791f0ae62b908d31d39cc7b021bdc92f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 be181e5de4958663ae2784e308e9d69f
SHA1 11e397945ae7e347fb1e3a6c70a4942f6c365967
SHA256 3ea0bd2807ac730c15babacf5713d4c98d933334008cbd27e9005eb89a742949
SHA512 1d31e5cccd586d1505d4f2599b5f5a4e23cc68ac9ab07e8f5cbb6ed34cd82ce4d798960522fa373a39b25856b09b5f84acf5651375d6c4769118023bbd8fbb7e