Malware Analysis Report

2024-09-23 04:30

Sample ID 240614-c1jyhswcjq
Target 9b6d6206481774598603612f5487a220_NeikiAnalytics.exe
SHA256 d0b92246111a449f6c59a3b3ac3eecd24b94b4a7a16c1d32e173902bc8eaaf65
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d0b92246111a449f6c59a3b3ac3eecd24b94b4a7a16c1d32e173902bc8eaaf65

Threat Level: Likely malicious

The file 9b6d6206481774598603612f5487a220_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3728) files with added filename extension

Renames multiple (5198) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:32

Reported

2024-06-14 02:35

Platform

win7-20240611-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe"

Signatures

Renames multiple (3728) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFPrevHndlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\EPSIMP32.FLT.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\TableTextService\it-IT\TableTextService.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXSLE.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Eurosti.TTF.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\ChkrRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ba.txt.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JP2KLib.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 2bf27e7bdc32b5e71af5e2599c439675
SHA1 b837ddeacd407e65ddf73eed8354242a5a0d2d47
SHA256 a0dbd411d2d0408cc592fdeb412c8c168f4ce5cc3a726323b75457f088c7e01e
SHA512 88e902d91d399453f40537de639d21040a965e163c6b7bcaa04160f840e03c29e0d42e44b0bf8a5334c7f83856473edd7266bd4a13036e4565240dbbe7f0d9b1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 00fd906d6d6171b2629793190e545b1c
SHA1 17579427817a605a58a55f093297e4f691b05d74
SHA256 64196601d0574bf2356db84d9f4418c864333592a2ad3d6e8c88417410755876
SHA512 87e2243d5064654ed43ae8ab4ccd436c2ca1cbeb267ec74f23da221df1c414b99a13d9fe0918b9f09cc420b0746319d11be17adbaf355abadba74f0f34bff8d3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:32

Reported

2024-06-14 02:35

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe"

Signatures

Renames multiple (5198) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\EntityPicker.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\EssentialLetter.dotx.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN065.XML.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.png.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN010.XML.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ur.pak.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.WINWORD.16.1033.hxn.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9b6d6206481774598603612f5487a220_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 aa6c9b5efe981a797a4c4762c9259b4e
SHA1 f948b29c9d35f12e24ad43cb669242522f480da4
SHA256 458960f94e80b899238a92f1789b847bf4bfde1e57656f903ad5f2e4ad2a6d97
SHA512 5fbe4981c81bdcf08af260f941d37cf16e6c340495ebdda942dec57c44eca266052b3c8fe6e5d48ecd91743ad6c621c6a53a8437723c463f2d1a30c1c1898235

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 63e194f42cb0f430ba0d05e5cea58ce1
SHA1 9d41b172833cd35d8d6542d1398dabddeb1768ce
SHA256 b6e8e93e79266af957e5cb97368b9f230ded69aab7335a3ea287225412f947f9
SHA512 3e5ce59e6a0b4ff72eb47d979346416b400e9a7745fd132a58dca0d7a0934b4351258366ec9c94b03d6e84aff3d4d3533eb875f305fa16bec95b8d050500a5d3