Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-n38v7sxejp
Target 389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe
SHA256 36fe7f45211e220a4d5bc40b020c368da3cfd673ac32d566e2126f1ea9927597
Tags
ransomware upx
score
9/10

Analysis Overview

score
9/10

SHA256

36fe7f45211e220a4d5bc40b020c368da3cfd673ac32d566e2126f1ea9927597

Threat Level: Likely malicious

The file 389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (5180) files with added filename extension

Renames multiple (3545) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 11:56

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 11:56

Reported

2024-06-12 11:59

Platform

win7-20231129-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe"

Signatures

Renames multiple (3545) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2240-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 ec8d1a708fd3b80009d726904438e64c
SHA1 9f362e16e94b72df17aa6ad5bd7295a2692e6cb7
SHA256 4e9ccf021ff39d829e77361fd833ce1aa0d92a3b48bba1bf913608de68aecb36
SHA512 18e65b8f604bc2bf07ba1aa851d791d2e707018dd6605d40eaa00e8c8b49ba9013281f3bd33556f98c79b550d2da4b3de4ad5374f4aee7fc5f0b5eb02cca4c19

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ac8ebe6e966734e91e08aaec659d020f
SHA1 7970a7ba92bdb1a2a3b770c273ce758e7bbfbe6a
SHA256 c491f36860404898160a1d89b6721ed9343c4f73c96fb57229c7a3e86b026ad0
SHA512 1dc9ff61063ce6c95033ae95001ba8b8de699f10e611d69d78467dd14d2efa94f1b500da61f141aba1ee46c0564b024925be776a0338529dc8157a6b463bc363

memory/2240-652-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 11:56

Reported

2024-06-12 11:59

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe"

Signatures

Renames multiple (5180) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\389a1e6b4c0167a1cc9169ad5a8e7ff0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1932-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 cc3bf032bb034893dedf647f1c703aa6
SHA1 a372d38423762bc51fa87552ce1c88bcfb27e4d8
SHA256 d7e4dc20263414b76c2d08180be2b71422ec13c87cb9da5e413fb6a93654604c
SHA512 9b443e2e3b244ea33270f9f6d74473ad6d88bb5ad2e9b4627b0539a4153be4f0804cfd28775d068905f6eed39bb24a41917179e7b003cc78a71b6ed4eb479226

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f3af2bfee4f0f5df397479e533cb48f5
SHA1 59aaef4817e9e1bb4c3da92b74e40984710ae17d
SHA256 91363b6e860b3d17bd41c490e75d9ac8a0930a0b3c652edf9325eb4cd410e50d
SHA512 09d228c0f3415b9720c7f634b8f433385b084f0af30b3d89cde4945099d2ef9dd5e3b25fd45d180b27655947b41486163cccdf9822a2e9cad3c4864db76eef77

memory/1932-1924-0x0000000000400000-0x000000000040B000-memory.dmp