Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-ckx57s1bpm
Target 23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe
SHA256 4dbc402770db760524d812063780867896b61a9678496c99e0ff2af27a702500
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

4dbc402770db760524d812063780867896b61a9678496c99e0ff2af27a702500

Threat Level: Likely malicious

The file 23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3679) files with added filename extension

Renames multiple (5029) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 02:08

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 02:08

Reported

2024-06-11 02:11

Platform

win7-20240419-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe"

Signatures

Renames multiple (3679) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\7z.exe.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Photo Viewer\es-ES\PhotoViewer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\ielowutil.exe.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado15.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\master_preferences.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Mail\wabmig.exe.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hr.txt.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\nio.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe"

Network

N/A

Files

memory/3012-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 b2a1cc8292ba7f7bccaff4e1a526a7e5
SHA1 03d956b56c160d7bd22383ee6a80b50e84b41321
SHA256 f86476902b3c7ea70894cc582d6364c0bbd1d494b9bfc7a25ad0cfaa7e128cac
SHA512 378f1030abb0665924a7cc327ca67cb65249adca7a0f8a3d119d4d06219170a300469406b58184f07ae2485dc780766071ba07ec9eabd1042fae0a67be8d3fbd

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ab60663e848d171df4e0e2231d050a50
SHA1 c2d17e592ad8e9226f7844c1422039e8ff2caf3d
SHA256 a9f39e392cc55351f5bf257be1e7a58cf4d68ca09d8efd6256de201caf16ca98
SHA512 00529bed5fd07f3fb1a9d7e365c83c2bd796f0709c3360966a8a0adbf7958630a9a1dd3e3aada3d0f5d036f1cea542d69f563a8ffed8fa424ecfcc53aa6d269d

memory/3012-656-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 02:08

Reported

2024-06-11 02:11

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe"

Signatures

Renames multiple (5029) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_school.png.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\nl.txt.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN102.XML.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ms.txt.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jawt.h.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QRYINT32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\23b0f50062a113c053733cb489e33200_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 6.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.160.77.104.in-addr.arpa udp

Files

memory/5068-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

MD5 089715bd0ad8da78f0c45b30021b3031
SHA1 8da23112808e699e6f4942ee2442dd7b6074d34c
SHA256 3100d23443289c9d9c75aee8a80edcbce13aacaf1cce4ec7ef8c4d4c56fb6d52
SHA512 4c130de0342d36b424e2722394479844ba0fecc312b7383b9998d9653cee8e42513454040b67852c2f46fc32045ab321eb18438c7d8b04fe240f40bc8df0a3c3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 008c48a63d7154ed72ae89dd0f4e9818
SHA1 4204b0a4737b1f0cf9efbda9220e0243caa1b0b3
SHA256 2a9b1c3eb5024b666cd2e7b821ccf390daeb904fc2965fe938772c94a87cabe4
SHA512 e45dc7e2bcb56ead1d0f86f0a8e5f52ded9b2be8c02317d115284bbc3ec11667fec5fefab546b84c73f03d297964eaf40d8401ecdf293b1a7b01d5aebca28423

memory/5068-1832-0x0000000000400000-0x000000000040B000-memory.dmp