Malware Analysis Report

2025-01-06 13:03

Sample ID 240617-kjld1swhqr
Target 6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe
SHA256 9013f1d436e516b7f601a62a8db8d13d309f1faff914449a5ebd617b2bf2c132
Tags ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

9013f1d436e516b7f601a62a8db8d13d309f1faff914449a5ebd617b2bf2c132

Threat Level: Likely malicious

The file 6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3855) files with added filename extension

Renames multiple (5189) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 08:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 08:37

Reported

2024-06-17 08:40

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe"

Signatures

Renames multiple (3855) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 75aecec95853c6bed92ffe19e6ebfac6
SHA1 840c8ed7d457281e37dc1cbfcf43e71a878282a3
SHA256 1d5739025748f18a617b1e95f7fb180075c76d03ab9d907b9338d3bf261e2ef3
SHA512 7ab8ef31e2ba970e07935fa6ee988ff5fe4b4e58404e5d3a1bacb622b5814dca73109d34d3b16e5d2c229fa3617e2c828bb59eefe13b64270ccea095261eec03

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 de69b100aef31f1012586e0c23928be8
SHA1 f31b5567723a00d91c808367abf97710861df18e
SHA256 2da91d3b64307fa62ab34a2182edcbac879516ca346e649b06a952da306e6e87
SHA512 103a175fd6ed4bed5c7f6a648bb8497f355824f58c46979bf03523ef49d499d227583f4aae9d648bb59f4144f7d1cba6ac9c32b6bc0247a6e33dac9d13852d32

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 08:37

Reported

2024-06-17 08:40

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe"

Signatures

Renames multiple (5189) files with added filename extension

ransomware

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6bb787327aa6b860121aaddcb311fea0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 7b68b317254e2fe5a987dfad0e854427
SHA1 c6ee831d9e1862849c2ddd3d44b1f6925730c09d
SHA256 8cec90a3f935115bfd0ddb115ebe04afa93cfa891ea8651d028e1e4e958bb1d3
SHA512 baf4688db323b0b2a877bb852c4ea322a7ea9b64c644f7d7ac9e2b4d58266276bec6af267ad6943c8e15f9296500fba3a70745dff08c7f185439d1e4853ddf51

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1f3868cd6c2a02205f1964e5e2ce0c04
SHA1 43033e3bbf462aa6afc2f5fe066265d6be3afe9f
SHA256 412c7885feadf7a246313f1ed6e0ca9d2a67acd177252ff1f04aa216010459cb
SHA512 d1bf7ba0985129bd0cc491fe376a2ad46e4831dc74666217b04fd72466b263838bbd2fba0d02dfdeb5644d98de515a7258c49ce25a7ebfe840ad411371f7149b