Malware Analysis Report

2025-01-03 08:25

Sample ID 240617-h9yqxstgqp
Target 61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe
SHA256 208e066613ed185bba09ac4859d0c07bd3c27c647f882e18d20abb6ebce0d64c
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 208e066613ed185bba09ac4859d0c07bd3c27c647f882e18d20abb6ebce0d64c

Threat Level: Likely malicious

The file 61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3763) files with added filename extension

Renames multiple (5187) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-17 07:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-17 07:26
Reported 2024-06-17 07:29
Platform win7-20231129-en
Max time kernel 150s
Max time network 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe"

Signatures

Renames multiple (3763) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 5c24efa4ae0f48781739b902b1c23974
SHA1 d883d5d3c5ce7c7c9a83b4b8b27f2a20387cf7fb
SHA256 23328a1ec1f65d0f266b4fb5080bdcbd1be2774cabfc139c9f0900295f08e965
SHA512 6ca101f499364be3bcbace0fa7ebd4343a52726e6d9306918782cf123d8880193d6f66b5cbd2d9c0637a3e94aefb07ef26336cabcae15ca860d1906ad4b6a778

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ab01899f10d1bc397992111b4971fc77
SHA1 29d6425ce5ad32fcd94334bfd75e29c912e75d02
SHA256 e09a11ccc6b367e24540130fcd9be84f57a72563e9d3bd747610f6139b86203a
SHA512 e8cb10790c538aef40807584d2a9ef07db6965fc7c09172a709dcea85f41fa9a17290383c992d474b2a280642c9ce37a763272552834bf34ed0f87abef256327

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-17 07:26
Reported 2024-06-17 07:29
Platform win10v2004-20240611-en
Max time kernel 149s
Max time network 95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe"

Signatures

Renames multiple (5187) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\61956c16e785785755f7c1be4e8f2d00_NeikiAnalytics.exe"

Network


Files

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 57bafaac6fc7a72285643f3c753b95ac
SHA1 77e79a8cd66eff97f075f13a975e30236cf4c8c1
SHA256 2e7f084b75e75b173275150c8242ce6ba0d29c1e37a994917bd5b3dede6b96e3
SHA512 0c9c34240535b7d0f6ce45200687ed854317b053dbfb16a20fa42bf30a211146525e2dce608d097d4b59db964803f00285d5a2bfad88b689a497dd50cd8de3c6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 cea2526699a84dc941817e43f75ad9f5
SHA1 9acbe5af642cba358365382a592e0b4aec7947cf
SHA256 31243e6189461e776efb10662bd2e9a2b26a1d2df8f0b9df2ca94d8d6bf335cd
SHA512 949328ac309719e7b1a5ad5552dcd5f7d4a0049c8ccd5adc21f39adf8ac28ade40de0292d843c1203f73d9e7dbee77fde0aadbd4c1199af74e4d06f6fdc28082