Malware Analysis Report

2024-09-23 04:37

Sample ID 240614-dezbrasfqa
Target 9cefd622bdf5f431ab2771675943bf30_NeikiAnalytics.exe
SHA256 ab5fce9e108544d73a53cec1116e6e6a76fa3c3bb2518c968da948300fbda665
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 ab5fce9e108544d73a53cec1116e6e6a76fa3c3bb2518c968da948300fbda665

Threat Level: Likely malicious

The file 9cefd622bdf5f431ab2771675943bf30_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3785) files with added filename extension

Renames multiple (5196) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 02:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 02:55
Reported 2024-06-14 02:58
Platform win7-20240611-en
Max time kernel 149s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9cefd622bdf5f431ab2771675943bf30_NeikiAnalytics.exe"

Signatures

Renames multiple (3785) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9cefd622bdf5f431ab2771675943bf30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9cefd622bdf5f431ab2771675943bf30_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 5f08dd4aa0b3b279b96c4e7d551f5d4f
SHA1 072bbf72c1e49a7de0235de37350130e05d7a18c
SHA256 cfa841245749117fe3785f167156db17705636018cd17e212265a6364f4c619a
SHA512 7eb01f2b5697a463a04cfb726517cd67ddae49a6a2b5b27175450ea439d1d23cafe1275091566f5755aeae95caa71bd5faaeefefccd595308c5bf06fe6901214

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3da5d1a7e43f15662f52ae6987001a33
SHA1 a40ccfd00aba675f2175449faf59e393972783e3
SHA256 f62d10fc2434179fbc0db304a398737fc715d2ded20cc529e5238f7e146e7611
SHA512 60895314e31407d7bdcd78e67dc86e69028ac8452e29ec4c6c6ee0a8dd5292165bcdacb090a176915d706a971066ee6b6da707a3e962f1ec552575ce36c42a02

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 02:55
Reported 2024-06-14 02:58
Platform win10v2004-20240611-en
Max time kernel 149s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9cefd622bdf5f431ab2771675943bf30_NeikiAnalytics.exe"

Signatures

Renames multiple (5196) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9cefd622bdf5f431ab2771675943bf30_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9cefd622bdf5f431ab2771675943bf30_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 71.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 f8baa147723f799706bee0ceaf9325a0
SHA1 821852471113839f63d327e4293b299af003eb27
SHA256 8f57e42bd1df369db6f37b61960eb470c48cbdc71a96d6741478cf3c78afc509
SHA512 2d1548c5b0af40ae28122cd1613ab6783750ab7af2879e614549a802432d1bee2e5de516c2b0680749e52ec126fa999e03f4dcf090335a7a7055c2796cb755e8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3e4b04e75d0a1a901f9bf94aa2e342d3
SHA1 f0660ead7a78dbbe7dc6a6cb1da658fbcef30284
SHA256 b827ed170968aaed78dbc415ff0e76a8e1e80e2e7bd64ead9de0a738bc75304b
SHA512 cef266b75d1bf0fb4ca0d0ca00290f96d62ad44ecaafa443a0ebdce0c99350f38bf0c3798880508f120f13ddbe91f787505a313711c249ec0fe1d4233d8baa9a