Malware Analysis Report

2024-09-23 04:31

Sample ID 240614-fk3bpswbjb
Target a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe
SHA256 4d5077fab12be489d18ffe985356420a95f1d7b1727a9d732df048f76360ace4
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

4d5077fab12be489d18ffe985356420a95f1d7b1727a9d732df048f76360ace4

Threat Level: Likely malicious

The file a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (1023) files with added filename extension

Renames multiple (1358) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:56

Reported

2024-06-14 04:59

Platform

win7-20240611-en

Max time kernel

148s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe"

Signatures

Renames multiple (1023) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\lv.txt.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\handler.reg.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\iediagcmd.exe.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msadox.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado25.tlb.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 e99a3587b10a473139fa0ec71bd589fb
SHA1 79991d53e4bc5c839450361b6736ff918b96156a
SHA256 9d2efa0d89a09a18fb50f7a08369d5527f954740d91106812203aa50d04adc18
SHA512 cd6bc0ece3258cc1d9dcf2fdee5814fbf38ffb6eb8d37735d617d84aeabc4cf0c6a8489bb176a1ca2a582b262bbf1736924d3d9846b96792939e3bc16d50b340

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 59cf36e9fa0fc865713653cf65ac6216
SHA1 37d59a56f352b1eb457ae6bf73cbf491ba89134a
SHA256 27ee2f31933efc97b0539d05be810de61431b5087e9111ebe1a2f1c0e49a5a8b
SHA512 e07e51aeac7181bb8df65e5737368b0fae1e3787f18ee975e6da0502a0eb272ed3c58fd764968f15e76bb250a5e3d24b1c0efec1ceebf42166428c153fded44a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:56

Reported

2024-06-14 04:59

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe"

Signatures

Renames multiple (1358) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\dbgshim.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Http.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clrjit.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.CoreLib.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Loader.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Quic.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.AppContext.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.IO.Packaging.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Xaml.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.WebHeaderCollection.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ast.txt.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.AeroLite.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Aero.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Input.Manipulations.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceProcess.dll.tmp C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a40976b5441acb9163e177b462d75b10_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 3efe00b8680fdc912af6b49c3eaba8ef
SHA1 980210fae5ac9b6edbe4e92a5d5f0bbf5a535855
SHA256 989768a0ac992ef09125f7c48b9a06c256bfa05aaf9a41465cfa62e12e26c5ce
SHA512 8611f1d4d15a6a7985bd7e449d70e4b726832b96fb38707ab4e6b9d5ba53072fcf14980affa84985b3e135fa8d4b559a596ea87591f354470033606a55cd99f0

C:\libsmartscreen.dll.tmp

MD5 3d31c842b21f38ca35b3d43e6fc35b69
SHA1 0f25adcedaf19a59bfe679d677f9d990da24716a
SHA256 a14d8311ceb32496de546ba26a8ea22af5490f6bb438d2a42b82b49e80d1b33d
SHA512 2284752f16e5bd762f36dc03d47fba8adfa43001428ae6874fd8736ebaa36379f5e4f439af5572c80c2eeda23298e6d8bf3b41db78be99f00e6c1e1376bf5b5a