Malware Analysis Report

2024-09-23 04:32

Sample ID 240614-etxbdaydrp
Target a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe
SHA256 1f13c743e8dbc5621b4c7c031ce4abf368a904736543700751658371ae9a998e
Tags ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Likely malicious

The file a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5197) files with added filename extension

Renames multiple (3460) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 04:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 04:14
Reported 2024-06-14 04:17
Platform win7-20240611-en
Max time kernel 149s
Max time network 125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe"

Signatures

Renames multiple (3460) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 a2e185bc451513f7348ef6f79a24c9dd
SHA1 e4706b43c93e24224dd1d3357e4ff5eb10a70605
SHA256 c0e7330a9537b6e6f8d3d951c966ee06cedb347fe75308f18d9199780bd11e92
SHA512 6bc15f6ab80629168443bb755bdda3e2f45a898de39cd9e5d8aedc8092c414397032a7dc7f070e8afb88aa2422b87c4b1d959a50e2ffa1195f3d7cc969a4c594

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 45465937a75d244743fe5dad9fe40415
SHA1 e28c113a00b8f441cc2d745beb9691a4b2e4999a
SHA256 6e3d43f8462e077d552670c565b9650e75cb97d13038df69e6e0a13e4fc9cf0d
SHA512 db01beb4a62de761d1bf07e6a3e78687c023cc00e04594d6d3fa56c8dc81606bf092fbf773030a51873af9baa56e7e46c23036ba35702d1546fbbeba2d80bbd5

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 04:14
Reported 2024-06-14 04:17
Platform win10v2004-20240508-en
Max time kernel 149s
Max time network 100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe"

Signatures

Renames multiple (5197) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a171155929d0d8778c6bfe1a1ebab5d0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 3fbe0e4153128f73765e8deec9b88851
SHA1 710028702792d56c8d5b853ffa3233da6d393da6
SHA256 e1b52c95f5a9560a9175a654fe02130eb9e045fb06b268b27b16762b9d57e86e
SHA512 ce016381ada5c9c104f8354934537a21c955d0f51dc1a2965467d1445f2eea3ddd6c84bd960f6d0fc84100f17be84e0357277f9709b240eecb79c40800d5adad

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 873608fbf843a4f2c8ac2ac10980497a
SHA1 d0c66ad76cbd576b1f1450f73d00d47566a20e0b
SHA256 7cff028a7db4ee2188074ae66a1800d5435c197819f41eb771e6ce317c8fb6ca
SHA512 bcf1733a45c4cd11857b4f01d9c151a94a8238d19bcafaa086eea51bfee88d64abf3fcaa409ea8b47c5906808d43bf6f1844e744b6ab558984d442e316af1e7a