Malware Analysis Report

2024-10-18 21:40

Sample ID 240612-nqcl8sshqf
Target 36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe
SHA256 3a648ad9eb147c8f6278edd036b8595d7987b89ec74d75a6c58fc6a9944c615c
Tags upx ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 3a648ad9eb147c8f6278edd036b8595d7987b89ec74d75a6c58fc6a9944c615c

Threat Level: Likely malicious

The file 36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (4908) files with added filename extension

Renames multiple (3436) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 11:35

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 11:35

Reported

2024-06-12 11:38

Platform

win7-20240221-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe"

Signatures

Renames multiple (3436) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe"

Network

N/A

Files

memory/2388-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 f0085a05f74df3d6772fcc65d5a8ebd2
SHA1 4ab686f7d0f5c1f0da98ec5a3294de0cc22d5b8a
SHA256 fa62259b66fd24e221392a20b05a2c42048cd4d55120ebc2c84c1b03140e9e36
SHA512 6369fc1f76d1eb368f382e2067bceee0aef716d541310a91edcd739f5c6952b68ba3937781eecd12440a9afd3bd4b57236312883d9d6acbea945af6c976af3a7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d0f6a53eff6e00b9060beca81aca171f
SHA1 5c2893d70c0f3fc6a63473f388e88c524cdf2356
SHA256 2f89367abcc8afeff88a008a08bc427eb50d5031201cd83c092e6080c59a8b72
SHA512 701095bf54963764a6eec78a21f987b3a9703e14a6fd8601353222ee8b2f78a2eeacde6f7b04f80e74153f7964d9cb13dd0317c33be9a69d7f0784d683e11c3b

memory/2388-650-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 11:35

Reported

2024-06-12 11:38

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe"

Signatures

Renames multiple (4908) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\36f92911e57b006807de506cbe2cfd40_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

memory/3308-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 71657ae10537c5ab0eeb4c5759a880b8
SHA1 a9d9a59e68786a531145f011ec9a0f97d22e94ec
SHA256 2d2a4d4e406d3c4d8f52a474ad0337264b0c0ad4035f0a1dfc191865a5c13512
SHA512 bc0f9755e5eeb8f02b405801eacb010a8fa70e2fa4defed5df04d8b0a607a24606317365eb92570323a4f141448d075db15f84a236e9f6ac6d3c1d83997a251a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7ae15ad55a65cf01badb617a6cf0f7c0
SHA1 6f652bf725230630f746c05d0f6922e74381b833
SHA256 35ce8d280191c095d59ee7ec542bc3a47ec299f453a8ed3294b57d4faafcd877
SHA512 e1a323a69fd2f852d4c1d8f378c03ae71c86dbdacf3232f28d7e7a0afe98fd71f2a76c6bbf192e3fa1921243d4703abe561605940a72f3bb416ed5f2e827fbec

memory/3308-1790-0x0000000000400000-0x000000000040B000-memory.dmp