Malware Analysis Report

2025-01-17 21:09

Sample ID 240603-n8ty8sfa79
Target a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe
SHA256 96395111ae7dcf2405ebfb691710692a30256d709ad989ea779ea628d7eacab3
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

96395111ae7dcf2405ebfb691710692a30256d709ad989ea779ea628d7eacab3

Threat Level: Likely malicious

The file a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3102) files with added filename extension

Renames multiple (4821) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:04

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:04

Reported

2024-06-03 12:07

Platform

win7-20240215-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe"

Signatures

Renames multiple (3102) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\perfcore.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\HST.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\javafx-font.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsource.ax.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\eo.txt.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2108-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

MD5 8e2dfc41b6bb978fe72282b3d9781587
SHA1 c36785a60f7bd38b98080632e7e0225ddd8a79ff
SHA256 1efb03c9018ab57b18977cb1a50504662af9922dffe225a4eebd275f10aa770f
SHA512 a67edaf200f2accdf82373ce5ffbb85624e45473ce60b1a5877dbd236961244f5b31656fc44310c509bf8cab4a774a4aef4ba2cb4c4dc19678bd4c6eb4d2892b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8b8fb69b9e97bcdc95145fa08d65fc42
SHA1 3661bbe94fd34857e0c16c2ae252525a54ee47d4
SHA256 d53ea1d953f039059ca58dd62c0491356fb18532bc71535ed96e3cbdef0ff152
SHA512 174f4c7bd52d1b172174e5baadc7f3820f04132657883bacce4b81035b60a5449fcc4a7e21d48f517e48598e5635622277a173743b3d7cc43981dc60d392a592

memory/2108-490-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:04

Reported

2024-06-03 12:07

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe"

Signatures

Renames multiple (4821) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\PYCC.pf.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hi\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\limited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7z.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GKExcel.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.dcfmui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.ServicePoint.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Algorithms.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jdwp.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML.tmp C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a2c65c016cd6d3eccc8e26d0c6ccb6d0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

memory/4484-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 f7e63ac2eaa398a254d6a02f5e833213
SHA1 9db923139d1b55ea8a2fe959e7caa2d7a56962ea
SHA256 5b3b30a554e43e9181cae4915a94c9fe4cae3b333272ef72a596b1d644ad0cc7
SHA512 4bbd4dc45fc4baa08e843bf8198776262308e97d8121a190eecd44b56d28fb09df3ae44082e7428cf1825fb7f193b3b666a988cb2a1f2df14346e925ce6abff7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7fbcb6a85293a66274ca0e5fd95c552d
SHA1 2a547d8660a968ea455a1f262f74d046c6d03f4e
SHA256 8d285d196e508d657ac75a273fc167dea59163137c212d53367fd1b3f5c13fc3
SHA512 abb96b31cff71635be7fd06ef0ba365182a9145981abe3afac72157e66a7e35688cd1bb3866f2ff604e21993489865d93add41ff2613729ad1892506b0c1b8b4

memory/4484-1736-0x0000000000400000-0x000000000040B000-memory.dmp