Malware Analysis Report

2024-09-23 04:37

Sample ID 240614-cbtfna1cle
Target 99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe
SHA256 8f8a8e6a1e322fc6146f4a427edc39ed0e2a6e51f7b59c3898292a602d5adab9
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

8f8a8e6a1e322fc6146f4a427edc39ed0e2a6e51f7b59c3898292a602d5adab9

Threat Level: Likely malicious

The file 99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3819) files with added filename extension

Renames multiple (5196) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:54

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:54

Reported

2024-06-14 01:57

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe"

Signatures

Renames multiple (3819) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Journal\fr-FR\jnwmon.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\bn.txt.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\weather.js.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\highDpiImageSwap.js.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\acro20.lng.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\Common.fxh.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\security\java.policy.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\picturePuzzle.js.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 0c3c6a7e14d680e31de4399a7f9a24a4
SHA1 fefd4da97e1a12a5bca71152519887c23646f280
SHA256 a4834a048f1b7dd1204583c11922d5022d45f68fd71c213ab135b8b098ab240b
SHA512 424d2e3fb5cd37a641e7c2667b88b473030b71689061acda3c086b407958aacaf865517ba39c70b86bbb877b38949a8321ec6399c4afb5e98c59307d50e759e6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5d8783884c27b80cd25172f4340062a7
SHA1 d817276edb2de0a4861a96a8c9a6621c60395b81
SHA256 de02a25052bc12f82c375a586e274593d361db70d19008141d6ea5d716650131
SHA512 ee6b8da4fc992d9213c1d84d71d355cfa604451881ce2678df55f48e795bc8fca724950082d70f9f4bc84a2176bd058b1608a4cdb26ed1ac956dc4268d2d6642

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:54

Reported

2024-06-14 01:57

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe"

Signatures

Renames multiple (5196) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Uri.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemDrawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\strings.resjson.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.OLE.Interop.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.White.png.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-REGULAR.TTF.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7-zip.chm.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f14\FA000000014.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.HttpUtility.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BKANT.TTF.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\TecProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyReport.dotx.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-errorhandling-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngom.md.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\DismountLock.js.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\99070183c4ef7667183c90de697ea830_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
BE 2.17.107.203:80 tcp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 362c5a54b9b2bbefc7ecf53fa0be4876
SHA1 66fa25d1cc17fbd29fcec9c169cca0f6cc9e768d
SHA256 b0d877578a3ead9ec9aafbfa9d467ad5f31370618b52d8acd06d817efe5ce6e0
SHA512 7fa9b9dc016fb826a9f67a1138c9c0926202f0b4f8b672d5f655efc07940b7ced0120cc959f5f981aae92e87a3ce1fd5f5b4c3a6cf753d99487bff9e3dd7f909

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3b56f7f66bf32ea41518285cc4b5c12e
SHA1 8e4a7c252509bb70666acc154ebdffac49340664
SHA256 e714e6edf6de01cf457f7dc04703d4aeef5f392e677ac7d2637ef2ad3fd750c2
SHA512 a77adba345cda89a105e7c62708df356b54fef6929bdbcaa57c58a96904c68e4d765e66a29f1b57a65160408e303194f72d3e514850df62659346fb9fdc29c3d