Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-p7jmjszajl
Target 3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe
SHA256 268bd15510e938a11ad408ceac7355b1733778e93868dad54c011420e08ead44
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

268bd15510e938a11ad408ceac7355b1733778e93868dad54c011420e08ead44

Threat Level: Likely malicious

The file 3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3743) files with added filename extension

Renames multiple (5037) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 12:58

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 12:58

Reported

2024-06-12 13:00

Platform

win7-20240611-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe"

Signatures

Renames multiple (3743) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_play.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\nss3.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\SelectRedo.pcx.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\RSSFeeds.css.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\JNTFiltr.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\kaa.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1912-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 0123082d00abca67149df398df6ae90c
SHA1 7ce2ec42e315bc7cf263949773404e90d11cb04e
SHA256 d4eb43fc6902eab82df4a49df0ebe80107aa6c0921944732d79763c636774036
SHA512 3595b53320c02e32ead2d11945f07da39d17052b4b60720f74d9ada255543ea9b1927dcea9b4b7508ef46bf61a475342e46bb9b04e77442f8a5e211290cc412b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ea5259754e04bfc5d5571d36143049cf
SHA1 b6c24e9eb1bfd4d10ae352560ca769fad862edac
SHA256 89f2aec04a8e62b54e81632468491dc7fa74fd1d856de9ac30df4cdcc4869bb2
SHA512 a6a8d0f5f3aae7a732fd1de67fe1ac1c337fbec538695fe20cbd6e7dac10d227eb70ba890d5df599c21bdc480559f00d54428d87a0cefe27235448189e672411

memory/1912-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 12:58

Reported

2024-06-12 13:00

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe"

Signatures

Renames multiple (5037) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.MemoryMappedFiles.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fontconfig.properties.src.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_FR.LEX.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7es.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DismountProtect.docx.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\Office.Runtime.js.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Concurrent.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3c486b0bd2c230521b765c1a9dec85f0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp

Files

memory/2728-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 9f9c245e0ccb68d56d0ac34daf26876e
SHA1 ecf4576488615c931ec6166f828b0b51054c8dcf
SHA256 df09e4edbf948f4d82bc703271560994b690c90b82108ab9d2453683ea2f8a3b
SHA512 2f828022f3328d8cab5dbee42234cd916561f298ab6c98c4181b374dfd6b07fa6800e8f0a70a197da6edc25d9745fd2101ca36719da1a11e1a1ce0ee096d9cb4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 871acd5e897782359640aa4cb882071f
SHA1 f20cf9ac797542028e11c55a9ef5abe91f399470
SHA256 8645774ace845b893d7fc6b9318e294ceae3f8c8a522d9b76fd977cc051c20fc
SHA512 83a7575df15841542d136cc13c7b53bee36b1fb0bf575031159d56ea921e990e7ff05b03880af11ef0205a85ef14349073a80f2f16f340bcd2a60575af9a8885

memory/2728-1086-0x0000000000400000-0x000000000040A000-memory.dmp