Malware Analysis Report

2024-10-18 21:41

Sample ID 240612-pks8gaybqq
Target 3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe
SHA256 76c8b7dbfd5247e59ba6039111db50dff96a977e9e9f557fcc6290e2cf677321
Tags ransomware upx
Score 9/10

Analysis Overview

score
9/10

SHA256

76c8b7dbfd5247e59ba6039111db50dff96a977e9e9f557fcc6290e2cf677321

Threat Level: Likely malicious

The file 3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (4373) files with added filename extension

Renames multiple (2820) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 12:23

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 12:23

Reported

2024-06-12 12:26

Platform

win7-20240508-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe"

Signatures

Renames multiple (2820) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1952-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 784c4d9a6ff7cac2d17700b1a18314b4
SHA1 4235bf4f9a6af04515721257bb86b0463e7dd452
SHA256 daa2bbe7c766d1c07031f9794e06d7f2c683433f21e08be0aec41c2db6a5999a
SHA512 bdef38726dee93678043b809ababea89b071bfe34e55e1d7e33526132ee96930e7e60bfa78524b4304f7f26e53b5965cd42fb996d87793cf9f5bb368c34df744

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 22f80286f3e82516f2143a24e4c2962a
SHA1 75307a96322df8429eebcddd5f93d9ca2facdbc6
SHA256 277a0a0fcf72008a07db8d59721649fe3e6bb033e4b9cb969bfd25feefa44b7b
SHA512 9850fd0fffa4b14b4ff601789e380ee5b1d95fbafebffdbce983dec0c2210cfc5355b17eda26d57e459355b77e3caf16c3583ca5ab6445887fc06aaa07de192d

memory/1952-440-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 12:23

Reported

2024-06-12 12:26

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe"

Signatures

Renames multiple (4373) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\3a309989a547dfd36a3211bbfbffedb0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/3524-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 0194d19eb3e375f95e4a483485872c59
SHA1 12e47096d57563ff60182d0c939ec691dbd11c63
SHA256 50f3995651b3638d3f1bce5f0bf94856804d765b7d6e5f446a2151cdd91fac7d
SHA512 cc5c608a152e9ff17c55b8901cc28a0a412ed1cb49923bce184abdc17b15704cc5203f5019b931b0a04c5de4113acc4cfb16ade74421ab5bb129f92a7326d3fb

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 40075da22c294f39eab7e241fa6275cd
SHA1 51fa8acc1564e02674e2688608b804db50062705
SHA256 dd9b51394df4c88f5b3769947cdb3204ee9395e1cdbd2bea64c226f542d5ac45
SHA512 24a35717a433f467d73a969d02cc64c297cd6c16b791eb3dcf60e79c15c517eb059a0114b46817063820fee532b4e4849d06adaf027bca3f54df1b2fdc231c93

memory/3524-1436-0x0000000000400000-0x000000000040B000-memory.dmp