Malware Analysis Report

2025-01-18 00:08

Sample ID 240603-szqmnscb76
Target 2a90b80b6aee222c5ce25b8974a18940_NeikiAnalytics.exe
SHA256 8e5b62a94bb85ee18e5deaadd9c185e596d6e6e9aea0a617dc2a292d5dbc7775
Tags upx, ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 2a90b80b6aee222c5ce25b8974a18940_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3522) files with added filename extension

Renames multiple (5030) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-03 15:34

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 15:34

Reported

2024-06-03 15:36

Platform

win7-20240419-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2a90b80b6aee222c5ce25b8974a18940_NeikiAnalytics.exe"

Signatures

Renames multiple (3522) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\2a90b80b6aee222c5ce25b8974a18940_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2a90b80b6aee222c5ce25b8974a18940_NeikiAnalytics.exe"

Network

N/A

Files

memory/2368-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 e233c1fbd494651baaccbe6b439fe58d
SHA1 386da40bf3b592041b7cc1427df058929fdf2ab9
SHA256 29833aedaa9152eee3bff422224a9153b71f30ee7c358c47143285bfc409c727
SHA512 b74e06bfc8fabb4972bc7d9d10ae2d8ad5ef7d5e89781d9b2b2be7cf33e5098e2bd1d540f9b5cfa53bb9c109815f73b8422411ce672e970b7c4127d535c588e6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f694d487085f8779f0f15ef04e6a1eb0
SHA1 016e87821a07c1c8702bb8870013ec2dbc8d7a02
SHA256 2aa87d7a9ccad9ece115a9168b5a36b89e9b74885cb7db7d6174653fc1f019dd
SHA512 f2eeac5a6ace8c24a4bb106c5d7acdbdcacfee28d7ce5e54ef36df5a51648cab4ffb1a1ea8d93f3ef5ad4f62af4cec94c180b13e4b9c5157ec4fc7f87e0c492f

memory/2368-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 15:34

Reported

2024-06-03 15:36

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2a90b80b6aee222c5ce25b8974a18940_NeikiAnalytics.exe"

Signatures

Renames multiple (5030) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\2a90b80b6aee222c5ce25b8974a18940_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\2a90b80b6aee222c5ce25b8974a18940_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp

Files

memory/2832-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

MD5 1cd84ca1038faf5137484d18a9301d46
SHA1 e951374e11cce4e3468282ad5a0d51419dae6391
SHA256 14b61efeaf8bb14d59f1972aed1eaf8284a7aba6887193210657ad5e70321b9d
SHA512 655aeb0d0fda03d87ee356522d9d61ee2118e3280a645324885ebfbd27edcdae0cbc16d50ba72d3afd73c82609ef7f936338eaf7548c7cdafb1c90468b34bd57

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1c4c827b9e6675eab99fb8b6ffdeee54
SHA1 8c537882de5793bc9e20ff588678d3cce49bcdce
SHA256 5d15d86143abc0b8a063c9d7fcfe3c7c67b21f70fdffd18d092344a71e21bdbc
SHA512 54f184b17768f800c241e2491cb1809caeab222d1f216a52b1c42da1cc8cfd9a0424494f3717415c9c50d05fc1ca06d784f9adf66b9deb479e72bc45f2e00154

memory/2832-1098-0x0000000000400000-0x000000000040A000-memory.dmp