Malware Analysis Report

2024-09-23 04:31

Sample ID 240614-e1qr6svelh
Target a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe
SHA256 f667f5e8111a397187ee4ce34b5416d76c43b4f487f31422d81a9edee58e8bbf
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

f667f5e8111a397187ee4ce34b5416d76c43b4f487f31422d81a9edee58e8bbf

Threat Level: Likely malicious

The file a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5109) files with added filename extension

Renames multiple (3790) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:24

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:24

Reported

2024-06-14 04:27

Platform

win7-20240220-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe"

Signatures

Renames multiple (3790) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.FLT.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Santiago.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\tr.txt.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sw.txt.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mk.txt.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\weather.js.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\pingsender.exe.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\bod_r.TTF.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 fad69b5383f2f94fc2866b7b995174ce
SHA1 e694f4c94a1fe2cdf7f9d39c5b0734395279db2b
SHA256 9f7dc2631578a88c49d3a9f4eb9653b16d204ad0f1c44cf50d294b56f16a6c25
SHA512 bd61697a4c7135d3d89b2e13979330892ab153ac83fcf437129be93692e4a77073461e12a03611d0cd58f636a5b1fcc21c6736dc76361b332143b182fa6ce21c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 11dcc3efdbece4fc88bf8e67ef94d183
SHA1 3bdf9a0caa0582f5866ed0c2a1964e567eb633c5
SHA256 b648e7fdcf48a4cd508837181b099c82617a2ddf240d5c2585b270acc43a2b49
SHA512 5a7493a3d5368e92ad9d51c7ae28da197a60df914f4055e9ea477d6db5fdfbfebcdbabba0f9467cd2bf5e1e7f9e7d25d1a894da8c650ed0c15ef92970a8b2119

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:24

Reported

2024-06-14 04:27

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe"

Signatures

Renames multiple (5109) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL111.XML.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Reader.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\Welcome.html.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\eo.txt.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\mfc140u.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\NAME.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tracing.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a1f2f462c608a209c5ba34aa379c5610_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
BE 2.17.107.122:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 122.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 d9348322257548fc9d6613621b153afe
SHA1 a2945d778071af52d467adce7d3b6cb4bce2f3e2
SHA256 d6ef99071dfd780dd487558bf63e554128fd4208a50c7af5c5d546e17e5d781c
SHA512 bf2c1572b0fb101413d3f42a72be9367078a8bf1ca127224d668e60de4dc186f8c2f3f47126320fd46080371aea827acf59dee6ad294e6eec93d7b0addd0263b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d0359c1211d5bb68e89ea07829c405f4
SHA1 d864607c85829d91dac70ca2b3da5e4e128509e9
SHA256 9712b66429f211409d52fa96c3bd79c3ff6bd13e8b7dfa3d6c08bd50aafa8c96
SHA512 ca0180dcc13a42ace4582d4f989b3365fbfdc5202d12f8ab8b079bac5c9b6c1dd3e428d1abb4b87bacbc6c513a49d186f269ba13ff1dffc6294bc0ba836238fd