Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-nz117atdne
Target 3822ef5970f138aef0c6e7dc27ced7c0_NeikiAnalytics.exe
SHA256 b7786390ef426d07d9fb5f99871606a192539f8f2fc9f17780d51a23e0d3d399
Tags upx ransomware
Score 9/10

Analysis Overview

Score 9/10
SHA256 b7786390ef426d07d9fb5f99871606a192539f8f2fc9f17780d51a23e0d3d399

Threat Level: Likely malicious

The file 3822ef5970f138aef0c6e7dc27ced7c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3550) files with added filename extension

Renames multiple (5197) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-12 11:50

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-12 11:50
Reported 2024-06-12 11:53
Platform win7-20231129-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3822ef5970f138aef0c6e7dc27ced7c0_NeikiAnalytics.exe"

Signatures

Renames multiple (3550) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\3822ef5970f138aef0c6e7dc27ced7c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3822ef5970f138aef0c6e7dc27ced7c0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2208-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 b78be610fb182a997576eeef822895da
SHA1 f88529eeb8dad0b6032aef9ebcc93b12b75c7842
SHA256 794ff7bea1d060758923a65f385a1f98bf05eb51ab9466b4142a52f8889854c0
SHA512 0b76447a842b54e4c69b638239627d7cfee18281df6590a8eaf57bdc7c9d2b7e60751ea413a49328e3a7de34cce1ff737f931fbde2373000d5e452731a6b03e9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5a5c94f229b336ec09daf2d71c148aad
SHA1 4f3edef9d7ec921b3ce960476f0014d322a9e631
SHA256 c9aa59c8f26e4a094622f656a3f6ad23597ea09e816e37ad1df45684007a7ecc
SHA512 c30a90a3c97291867fe7cdc7859bcaf5546bbd012b86fbe0bf28ad6436972c9c2371616a88aa8488a6d4c0075fa70eee3d8c9324350fc3959c1844a0c17e63d9

memory/2208-652-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-12 11:50
Reported 2024-06-12 11:53
Platform win10v2004-20240508-en
Max time kernel 149s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3822ef5970f138aef0c6e7dc27ced7c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5197) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\3822ef5970f138aef0c6e7dc27ced7c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3822ef5970f138aef0c6e7dc27ced7c0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 23.53.113.159:80 tcp

Files

memory/1664-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 5a6a22093ccabdb682bbe740688b5257
SHA1 4875224379b38e7cfb214f777f63f56e7c2d87a4
SHA256 24ed251203a636387f39474746e23c5fbe1ad47adbace7b5691c4e1e2123aead
SHA512 22e43b6cc0423cf78b3cb94fdacbaf0c6984bb00c5a27880a78a364f25823cef1bad54c199b167f5f48e729e888cd7b34a735e841e15eb63c2ec8b2cb1ab2e8c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 118662c17f136d73f11398a2fa1088c2
SHA1 cfb679cb938c8dc377a08043d8ebeafe33db5f06
SHA256 4d92b09045d857ffea238dbf65bd606d677a63d78c37ff16a8f6cfcbf44a7ae7
SHA512 703b38baa3d6e3f9c3ec4c42408db7d5e05fb82eb39e6a291cf1ad0f332179fa68cd3b8e0368fe7595011d9f7096e6b495f789a3d2bda4327091c51fea714c33

memory/1664-1944-0x0000000000400000-0x000000000040B000-memory.dmp