Malware Analysis Report

2025-04-14 04:16

Sample ID: 240609-jd1q3sgd62
Target: 162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe
SHA256: 7043fd6d8cf2a251bca7483ff9fbab41877f424b52e6ccebbc504ad8b998c744
Tags: upx, ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3671) files with added filename extension

Renames multiple (4468) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-09 07:33

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 07:33

Reported

2024-06-09 07:36

Platform

win7-20231129-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe"

Signatures

Renames multiple (3671) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2088-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

memory/2088-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 07:33

Reported

2024-06-09 07:36

Platform

win10v2004-20240508-en

Max time kernel

110s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe"

Signatures

Renames multiple (4468) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\162bf23874d959e41612f1bcf0b1e5a0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp

Files

memory/3568-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

C:\Program Files\7-Zip\7-zip.dll.tmp

memory/3568-1220-0x0000000000400000-0x000000000040A000-memory.dmp