Malware Analysis Report

2025-01-03 08:29

Sample ID 240616-25njyaxakp
Target 1a3a20e67a40afbb8cb999385f8b55e0_NeikiAnalytics.exe
SHA256 efb089b44680beab7d8b6c17424d9ed8029f4f73d47276deff05e74749d2083f
Tags ransomware
Score 9/10

Analysis Overview


Threat Level: Likely malicious

The file 1a3a20e67a40afbb8cb999385f8b55e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (557) files with added filename extension

Renames multiple (4812) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 23:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 23:10

Reported

2024-06-16 23:12

Platform

win7-20240611-en

Max time kernel

151s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a3a20e67a40afbb8cb999385f8b55e0_NeikiAnalytics.exe"

Signatures

Renames multiple (557) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1a3a20e67a40afbb8cb999385f8b55e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1a3a20e67a40afbb8cb999385f8b55e0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 23:10

Reported

2024-06-16 23:12

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a3a20e67a40afbb8cb999385f8b55e0_NeikiAnalytics.exe"

Signatures

Renames multiple (4812) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\1a3a20e67a40afbb8cb999385f8b55e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\1a3a20e67a40afbb8cb999385f8b55e0_NeikiAnalytics.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp
