Malware Analysis Report

2024-09-23 04:37

Sample ID 240614-cxsfgswbnj
Target 9b1c5e5dcb4daab73802cecb8a9415c0_NeikiAnalytics.exe
SHA256 623314dc84f8b94c7809b6370e0513a3a26f160f61a10003908cabd96d0231e3
Tags
ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

623314dc84f8b94c7809b6370e0513a3a26f160f61a10003908cabd96d0231e3

Threat Level: Likely malicious

The file 9b1c5e5dcb4daab73802cecb8a9415c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3557) files with added filename extension

Renames multiple (5030) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:27

Reported

2024-06-14 02:30

Platform

win7-20240508-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b1c5e5dcb4daab73802cecb8a9415c0_NeikiAnalytics.exe"

Signatures

Renames multiple (3557) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9b1c5e5dcb4daab73802cecb8a9415c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9b1c5e5dcb4daab73802cecb8a9415c0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 9ec85ca6f3b061bfce36a60c1a5b10db
SHA1 a26f1730888728b6beb701447a721a93e9aa1f7b
SHA256 0576575a35ea8c0ebbc1d36703363d2e93ab27ffbb563f87ec225e25f31f6278
SHA512 14f8f97567e2b62e4a3616598a73689111074caffa0a193ad01708ea6d556f4f625670e4c1aab707390f96ae97632f139aa00697d58c2086485ab8977615aa64

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9dfb9de7db61a676d23e2be74fe58594
SHA1 6939da11c2936f79904ae55fab5f5bd98494b765
SHA256 190a69bdc43268f938122345e38f8b308ac970cb93d839212950a310cc2bfba1
SHA512 f8574da252b777946c7629425c5145016933279996da3a4730e7f6399cbf9f926602cb8e5c26b80ac0148c91ed990c56228f6852190d8a94118476354fccb020

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:27

Reported

2024-06-14 02:30

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b1c5e5dcb4daab73802cecb8a9415c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5030) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9b1c5e5dcb4daab73802cecb8a9415c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9b1c5e5dcb4daab73802cecb8a9415c0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 105.193.132.51.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 82855227d95e9824235f19cf1cc76af4
SHA1 ca1e333b6664b9dcc40a285cc04517cf1bad25e5
SHA256 f6e6d0ced3c2846a57ce674b21eabb441535833cdd70ba04b20eb8cf32ec99ad
SHA512 3ad0e3a60abc6a3772ee37fbfc9ae41e6de1203115a4ac969fbad24654e22142b83ba45ae7c5a20b2457154df31b00962d202692d760a719c7c7a3ce01760c9a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2f977d2d62c4766237aba3e8a4b0abca
SHA1 46f359ecbea640e007f3538111713870651aa41a
SHA256 4fcdb5ce569ad34b6c58057586b642eda3ec3c5626ad36d841fd8a78fbaa0117
SHA512 09269a1428ae5ca92824588571e61fdebe73e14202089a89d5f7d4fa18d7fa2d82d77b3de3599e7d99cf9395cd925a1bbb64361bf27d941bf9463e37e3ce12b0