Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-n4n77aterb
Target 38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe
SHA256 215a4bbfd2fca313e53bd09f6a2f8e8da0451b97ebe3bdf822febb69d302b316
Tags
upx ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

215a4bbfd2fca313e53bd09f6a2f8e8da0451b97ebe3bdf822febb69d302b316

Threat Level: Likely malicious

The file 38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5279) files with added filename extension

Renames multiple (3745) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 11:57

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 11:57

Reported

2024-06-12 11:59

Platform

win7-20231129-en

Max time kernel

150s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe"

Signatures

Renames multiple (3745) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe"

Network

N/A

Files

memory/1720-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 424a354956efe46f5238901ad2777f43
SHA1 75d244640a2fdc144af547274ac3fdca1d0c5306
SHA256 75869a4bbfe0ec7cc932c1922295546f285994763fe95ea009221c1644ea7ed0
SHA512 8d47f5dc6f90d7c0ab405212dd482236ace9d70d4107eae34291585fef8afc9a004295a33d485f699303fe3390b4503e5e23564eac75e6d66f1d762ad494c2f9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 deb02d006ed24c1c243cc7f6d793e84d
SHA1 659f7eab152d0659ae122cfc3c2d94a88097ac9c
SHA256 7af674835f23130b8488ece8f7dd94f2cb71c67c1c8ff7c875445738fadfbac5
SHA512 768b3a2cc926cb903da2fbb57dee13956cfe12649eaf90785f3202fe662502dacd81c686665581e1f9a6e0db2a9f046aa1eecae5259f308064d569ce8a544eb4

memory/1720-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 11:57

Reported

2024-06-12 11:59

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe"

Signatures

Renames multiple (5279) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\38b4f00f272ea45736d31741a3c95450_NeikiAnalytics.exe"

Network

Files

memory/3756-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 dec233fec93d9254d62618ace9e329fb
SHA1 ee58b33a2df859d9fd9a8fc016d5980e0e4a33f0
SHA256 80e407ca75707b5b9101ac804c9eee07c0f6def143c51312f8fd574dddd7af00
SHA512 378db26cbec7cad9a1d7604ee08b0acccd1df982454ccf5c5683bb8e5a7fbfa3000b97a56e3f798146466bdaeb3add02b2637b33c4ee7e1a0b769986059c24e5

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c7a6998659791be110d1673c3eec5604
SHA1 2e60b5427e795ef90632758c879a31eb7b023899
SHA256 7406584f9f72f698c88772bd626b297b3cc38e06cce5e230b4ed202fb1487fd0
SHA512 ce9e4c75c10022df88a0c029758f4c1cf83dd76e6f3dc3b02989ad2bf3e989e7f677462fe4e70b91dc89020e86f531ef08fa9e9a13de071a2a801dac10608d4a

memory/3756-1214-0x0000000000400000-0x000000000040A000-memory.dmp