Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-fye4bs1djf
Target d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe
SHA256 117713f60cbe09f7fd4f4ce7f60d91befd0996e30935a4ee84a480406b0bb304
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

117713f60cbe09f7fd4f4ce7f60d91befd0996e30935a4ee84a480406b0bb304

Threat Level: Likely malicious

The file d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3663) files with added filename extension

Renames multiple (5186) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 05:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 05:16

Reported

2024-06-16 05:19

Platform

win7-20231129-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe"

Signatures

Renames multiple (3663) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\slideShow.js.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Engine.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 e5c4b0f678f7c1ef8da3a1a12c916661
SHA1 9e5538eb00c12e6b645588e1409e6d8bae6a66ff
SHA256 c532fa8305507d213f3ae483e740b246afdf0a9088aa64527b328b9ac9b1d0d1
SHA512 e534a10f22eb7ef8cca1f0337924cb9c5e107c063a3aac44c465303040c4aa6c807515b1134c8cca24bba2a69d21b2875f62f587a374566cadcabc87e3e7f5a3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b8e1842b28f4561a7636ae23d4aa3424
SHA1 449b71987494eaa9267566ef815930c3986b420e
SHA256 a690657d08f629b8dc33e75d15e22974e6fbf11458f65eaf5552ed6654ab2a0c
SHA512 f8ce0d7de216e328d60339861f447acdd971a7ad0f1c54f712d4df1e3d7f2d5767a8409762b33a61fc4ac98b8cd40e8e9aa609e0a62db9de18326cf774f706dc

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 05:16

Reported

2024-06-16 05:19

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe"

Signatures

Renames multiple (5186) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN110.XML.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteFilter.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\pa-in.txt.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_FR.LEX.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymk.ttf.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\LoanAmortization.xltx.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SFMESSAGES.XML.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOS.TTF.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msix.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMICAUT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\coreclr.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ANALYS32.XLL.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d872e36f4a3837d8642bc2eb58621230_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 01330dba6a98952b4d001970144b13ea
SHA1 492c976390249cd3d7a05940e7a2ac2ec2f80f27
SHA256 5fe2989f0826ed20e70cbb79158a3a8cc2b67d4e87e6b9ebdf4d5661576dd7c1
SHA512 e7d7f8f68f9d83a2ab045fb502bc3b9335efdc830c5cd30fa63a37969d134bb0a126401a2c80402ad24c154d7c806f1cb08ff752762901cac2d33d2c4afb8c92

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5b65dcfcd1b27923b9979f6ab05ac67b
SHA1 2eee8354e595aa22eb2c077487cf283f59d1d410
SHA256 a0d6a5c0dfc5264420d2397c2b922984dc91e7ad9a36760410e5de966cd3fce4
SHA512 322991773186392745c03bcc8c02e3e2d5a03951ff6862c885f003fd71e5deea99c1c8bcb045665e74cb8c1a6f46e84d88b5dfbe3f3f8c2f66c13521cd11233f