Malware Analysis Report

2024-09-23 04:39

Sample ID 240614-dbp9nswfjj
Target 9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe
SHA256 8253b3ee2ec79f96b17b38bfd022f09082d6366dcbc57aa95e5836857de54a15
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

8253b3ee2ec79f96b17b38bfd022f09082d6366dcbc57aa95e5836857de54a15

Threat Level: Likely malicious

The file 9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3610) files with added filename extension

Renames multiple (5351) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 02:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 02:50

Reported

2024-06-14 02:52

Platform

win7-20240221-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe"

Signatures

Renames multiple (3610) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\lv.txt.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\pa-in.txt.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jsdt.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\cpu.js.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 056191ca54372a129ad026670ba460f6
SHA1 85fb1cb64c5aa7f45b340333c13d05abb595a43f
SHA256 02f9c7323b39d6fcff82cc7738379eed1a62d649d842744d397a2a0b8bb3169b
SHA512 129082e3d3ef282f75d7dd3d4bcbba23b2b42c3be6dbaeb3627515692eb3598f8482022d29af82c408518ec9271f6c7cc907bcfd5156c17f654484348c7b3d47

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3ffbc12f416cc8465a524b42a495f46c
SHA1 8da9c3b6561d45a0d70e4cdecb6e9d648977b6ba
SHA256 d3d2b62bbc7d49920bca593042e11e4c10c893376c0c10ef852032a689596c97
SHA512 0dae92311bda41a583ca57f35bcf82cc0d9e50eab7288bc69712a32b7824c344c4624d8a052fcbc773874e229e4dc28591042eb612632cf22d61acf17d4758a1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 02:50

Reported

2024-06-14 02:52

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

56s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe"

Signatures

Renames multiple (5351) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\ffjcext.zip.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\openssl64.dlla.manifest.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Quic.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.EXCEL.16.1033.hxn.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Csi.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONBttnOL.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OUTLFLTR.DAT.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Timer.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\af.pak.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ne.txt.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\icudtl.dat.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\110.0.5481.104.manifest.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSYUBIN7.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ARIALNB.TTF.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\vi.txt.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.DataContractSerialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9c8d1a18a9bc19e93b3860b6b3c7bab0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 6c838a6003e0956eca37afe600f833c5
SHA1 83d50109adf54e1eb29c44039f00719d67b75f14
SHA256 396f8446f8f0d9f7139ca98f6f8e7d1c8761a8fdbc1b99225b040cda0acf8303
SHA512 8d9466d6d4419e52959593e811979acef282fd3843f35d1c41f9d3269574eceabd4392802a8f607ff2186afc25d7967b33c3bd9fcc14ee06119eba7995fb85f5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 faf6b58ad884b46e76f777beab71a35f
SHA1 ce312ce7995164f9d8967292ae994dc102656e45
SHA256 7dff32c4b80b78c02c8f440f3368bb879290c1cbc69ae97730df8140d6d6f6ca
SHA512 148c7c7d1dccac9397a0ea092904bdf78fa67792459a6b32f2b5098243c6235cdc86fcce83b10f5da98336130293e79a11addba15f7be04fcd4d4cf10b292d4f