Malware Analysis Report

2024-09-23 04:31

Sample ID 240614-eeb2wsxhrn
Target 9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe
SHA256 ce0fb52106c19f407d25f55ae22e1e670eb534fa937b2385d91a5013e599aba1
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis Overview

Score 9/10

SHA256 ce0fb52106c19f407d25f55ae22e1e670eb534fa937b2385d91a5013e599aba1

Threat Level: Likely malicious

The file 9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5257) files with added filename extension

Renames multiple (3686) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 03:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 03:50
Reported 2024-06-14 03:53
Platform win7-20240508-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe"

Signatures

Renames multiple (3686) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 d5cdd1210d01a12c833ad431e82db3fb
SHA1 9b4e0b2e97b6861752b97855e5ec8545b845d645
SHA256 ecc34c726cfab86b0c78da1566472b7d076b3125230e4655b3fa4bbf0c248060
SHA512 03d45bfe91eb638900aa70771e308987162a519cb86c84aa6848a4e059494ac649e7d591bf4c6d383a11470808c66192081692899961cc2806c79e46a910133f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0f8c35fcad9f52ee968474bcd2dbb915
SHA1 a1a79142ee1b15e57c57eccc7171df08d55d6297
SHA256 fb39e5f8c0be998363a35156e768043d674ddd711dbb6d9dd7bb134ed4163199
SHA512 325278d0bfed5e875257f133c9ab69f6ed702fd685cbb07645ee07f9e3c4bed8bf91f3aabccb724043512ffc322a2ab6758c77953a55bbed08477c15f50a1f7a

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 03:50
Reported 2024-06-14 03:53
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe"

Signatures

Renames multiple (5257) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9ff6db7f6c65781f7bf852cc779ba800_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 e42f507b574d933aae8353c70b133085
SHA1 8d077a115d55089878ddb8407b9f24df4c993a14
SHA256 bad5e849876fa4770c30de52d1da73515a1f5fbad0efa90046005c7a0a513f32
SHA512 28f4bdc1b1429bc1521f91dee8894b53cb8e6b95fc08fd299ad1d99fe456266910373dc815a2e2e3baf913474d90f9ef236a483b6d7cf034bb63139fb2bb879a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0aa071ff00317e21117537c540967d89
SHA1 9fead83876d36d9d5d7e316d4380eaaf77dfc6cc
SHA256 2eebdf811b0c3231ac8f816b9f0f84930b3d27e6c9688025783230bbde877c7e
SHA512 973ae75944e7d0a1ac9bac1822ab464fc2e3889701e86312f63fd54dced2edfb824ddae0b7746ba1f760b03f525bacbcfa5f1a9a855a0d2f88e3ea99a1cc8973