Malware Analysis Report

2024-09-23 04:37

Sample ID 240614-ckcjha1fnc
Target 99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe
SHA256 da9a50cc57e3038dcb1c3dbc7af301ce8aabbd5552e35ab0da749b79a782ad9a
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

da9a50cc57e3038dcb1c3dbc7af301ce8aabbd5552e35ab0da749b79a782ad9a

Threat Level: Likely malicious

The file 99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3510) files with added filename extension

Renames multiple (4891) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:07

Reported

2024-06-14 02:10

Platform

win7-20240611-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe"

Signatures

Renames multiple (3510) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\timeZones.js.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\currency.js.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\locale.ini.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\jnwppr.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\af.txt.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sa.txt.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jawt.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 daeacfe7fdc3201b9251a77f8a42bdc1
SHA1 0a3722a95464a2e8ddfc48a10e382d0b7d70cec3
SHA256 669218fe03742f82e69f66458a3c26bfde9135482c98962a40f50811abbb1e4e
SHA512 578a77afcea8fbdbf4fd8561199b9609bc25746170b863c943ced59428876f3f11ffc189cabc6a80a0484f9643ddf98d4d728e6bc94803c52835a588b71253fe

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b079304ec9ddc8f460cb62c80b631656
SHA1 9a9766735feac5679e05fcf0fc7e86b837c26ed5
SHA256 c7ae55af2e0b9f413b6969a5b7e769c400f0604d2f752e0c9046b8dafb9bff55
SHA512 ea0b7d7b2739edcc0917a13d54e83fcd464e5fb2be7ad110bf62424ed712fb30e6de2c5eebd5881ee5f6e7fb304a9eea35f0d459295ab7215ece4e32ce4d07eb

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:07

Reported

2024-06-14 02:10

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe"

Signatures

Renames multiple (4891) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\mlib_image.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Handles.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN048.XML.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\EXCEL.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mip_core.dll.tmp C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\99fa8022abb0ac366fdcd1dc7c2bf890_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 17.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 d5db86ecd63f286e304f80528f9d36e1
SHA1 e1342c17a712df00562dfe30169c60be4b8134d4
SHA256 3aba7a1033de2ee1091a8c6ec5c77533cc012b4612c17909d9ddc3c7a773f3d2
SHA512 19ebfb7bda0da4b18841914d947cefd83960f3abbbcfa181ff60c9560cc6c73879aff35cdc6f22cfff485721bf66e783948a4bbf1d2518fb1796438a44fee7e7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0c692ef6b65adec68238dd7de8dd70b9
SHA1 2f1e74e79207920d7b23408fb6ca7b22ca3e4a7e
SHA256 0f14032d5c5ac97193d11d82eba0f8c7ee5fafb46e426e8e8253d2fa2ceec736
SHA512 1a90bb51520599a1751bbd27716db53b01c29e3c32a7404401ddca102ea06a9a8f680167cc0e8513a00606c6ca87aec407bf1cb46d23b7fc9d3764e6a6e61709