Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-gsy5paweqq
Target db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe
SHA256 26278f863b7ff76950b90623c1092e6851841908ed231d2123940f2dd12b90fe
Tags
ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

26278f863b7ff76950b90623c1092e6851841908ed231d2123940f2dd12b90fe

Threat Level: Likely malicious

The file db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3433) files with added filename extension

Renames multiple (4849) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 06:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 06:04

Reported

2024-06-16 06:07

Platform

win7-20240611-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe"

Signatures

Renames multiple (3433) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 41742e45afc725aee87d2c4243b0081e
SHA1 6f2b4b440b9dc8dcb8bd38710aa8f2598b8d448b
SHA256 2fae597420c0c40f5b3bcf49fb92571389e01380a4efeeb88794fd5b125ac8cf
SHA512 d3b2954d9cb719fd7e682018981c38ebdf58622dd75b68a117ea26f800165a9d5c31786fcb83b236b048061a730189964aba217ba4ba3e94dc9b04bd95bcbb89

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 89b04cb9af056081da6efcdf5c8c3967
SHA1 5b2ffe4ab997c85a6bd7f0fccada142540f873a8
SHA256 40b332b1580bb595616468401cc7f2a403389e11d82acd9ca271319234799223
SHA512 b86a25d50c9b8070ac2c6c3163f65c36de6d9512e49b9f3c0e024c02860afd7bf5a8434f8fb580c802adb22cb9bd18ab4da5d6a09763c218cdffce3085858991

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 06:04

Reported

2024-06-16 06:07

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe"

Signatures

Renames multiple (4849) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\db54a25d70caa3fa59b76fd7b13df520_NeikiAnalytics.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 c9a125baba056e8cfb5120d7b526493b
SHA1 0297df849d7464a82e7b57e2c156e4b9d364538c
SHA256 57f5d4a221580563e393407b4f26d8ef5784efdebad116fff3520eb63f519ca1
SHA512 dedb96694d53642cc86b92801e17474aff3c827e10a6fa0000d1d134dd4da6d92f4672390a5ac7267f46817e4c6536597e2839a92e5046477fac62f1c825e443

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a06571df75895d16ab32e1a3de2b9375
SHA1 f0e227ac084c9b6970dd3aac00b311006310eb10
SHA256 42ac40288f5808b3790c7256ec23f06c607b9d24a6bb1b4b44cff9c32e79505d
SHA512 84a655781eb77aebaff511eca63265864984002b4817ebb798818ddbcaa99d3a339fdc7d96ef1f962f248da313eb16ba575944548369a6c164eec72d5cc777a6