Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-ftlejs1brg
Target d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe
SHA256 5fba1c01371ea0f80c462e948aeaceb64e13c8c74f6cfc050ecea6117da65e9c
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 5fba1c01371ea0f80c462e948aeaceb64e13c8c74f6cfc050ecea6117da65e9c

Threat Level: Likely malicious

The file d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3433) files with added filename extension

Renames multiple (5233) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-16 05:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-16 05:09
Reported 2024-06-16 05:12
Platform win7-20240611-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe"

Signatures

Renames multiple (3433) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 1544ab94e7899fa7ed0a4a98cc8acf16
SHA1 22a265b5825b6092f56baff144cb317c594e7450
SHA256 1742d3a4af4612f911aa3da077c9e2c7345180cd49d951ae8e4bf4853ddbcbbd
SHA512 8d96512a408739657ba242b91829cd5238c139b42f183019f307a7872f0ef219e1bb28ab5f8139cad875b78b94c9090740339db5d31f33a4f8cdcceac8386778

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e0ee07d3289926606631ef3ae7142966
SHA1 ca17a180b39b85d7228675be56436474526dffc6
SHA256 664f86d0e7da270870d49f374c395a18baba39f5187db50c7a2b656ed494b62c
SHA512 e652bddae3a8526b6434d2d323c165c59e3c3fd429390c0db8c85d35931bbfb3957a9aa7d11a016d15c6285da6f9e141f7b53e6fdd8e758e2dffadf1c2c5d784

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-16 05:09
Reported 2024-06-16 05:12
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5233) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d805fd94cf86a291f5911e126d5444c0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp

Files

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 f7ecba6fc443108958d4b466f0f189d0
SHA1 46128d1914db71aa4e46388c32bcf5f934c9bb85
SHA256 0a2a4820a8ea058a9c5f28fc8616eacac67f01b41ca560b306f4d6223a616d90
SHA512 11b548b6ab3e64c030d720358c9aa6382e4110c5e5c45cb87985a6668ad7e2897464e0892e315f0a08dcd58fd5d38a9746bc3f0c65832b58aea92c3bdb3f5b33

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 85f8a02db1a33cb6643de303cec2a7f5
SHA1 35abc65a6e59c329f098ba01a82529c26d9e5a88
SHA256 7868f8c9c0609fa9a3c4f01c7c85e4843f45009d0463a93862ab1e2a76b6081b
SHA512 1e8a7951e941765d2f0fd161f69c40f2f168396fb449c9b219755e9ec627fce81740c48967a3dac8cb3cb7c159bbf8a3bd62dcfd8ab183577b6de5c5b604b0c5