Malware Analysis Report

2024-09-23 05:10

Sample ID 240613-ckec4athqr
Target 5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe
SHA256 855b2ada293e96d0690b4b71010804a633985b0618c94ba98f39520470963f09
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

855b2ada293e96d0690b4b71010804a633985b0618c94ba98f39520470963f09

Threat Level: Likely malicious

The file 5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5030) files with added filename extension

Renames multiple (3439) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 02:07

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 02:07

Reported

2024-06-13 02:10

Platform

win7-20240611-en

Max time kernel

149s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe"

Signatures

Renames multiple (3439) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Media Player\wmplayer.exe.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\master_preferences.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\settings.css.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\COPYRIGHT.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe"

Network

N/A

Files

memory/352-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 31475a21536a0b1bfe994800b3e2793e
SHA1 76e8a4817a1bbcd1eec22be744285d487d1254b6
SHA256 a98380c6791f1a2e6ee386a560e7dc0365b2053d6bc98f3be3674f2bd9778b8d
SHA512 1d86a01cb8a959d5bc6e1ec2dc25c3e0f7a4895d0e106ac7bbc51639a35ff455ecf6d0636b92ea453d3d0d4365a4c86476959c22a805b8361d674c66dedfa519

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5f2389cb0c0fb7632ae8266689424775
SHA1 da8b1d24cc23ed65109b26cebfb894b32566d7b2
SHA256 4c42739ce3c6d920a3035e316bea418ba7ae1dfb43a3a097b4b172ccf55e4a32
SHA512 cd4d29ae28693785964e09b6600b9eb0a52f04a75754bda6d90118709a2849ac4f3ddddd4e02c3b9049067f786e766b9e2a78a2cffc313148d1ede6d56cda35d

memory/352-642-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:07

Reported

2024-06-13 02:10

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe"

Signatures

Renames multiple (5030) files with added filename extension

ransomware

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msado20.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSVCP140_APP.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ja.txt.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\LICENSE.txt.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\jjs.exe.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es.pak.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\sound.properties.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\FileSystemMetadata.xml.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp | C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5608b0d2113fe3155249ffc8668da380_NeikiAnalytics.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp

Files

memory/1624-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 0c2cf4d0e4954bbd9a2926dc1974f559
SHA1 8c27dc9aee3d73689883a20b53e426b843b66f4a
SHA256 e60670a9bb26d0f4a8aff5cb1eb7b71493af6d717d1814220064cfb0ea5f245c
SHA512 2b22354e29b50f5bc6c9294be0733879550dfc8f4204bc233760659da48053412353485cd45ae1edf460c908eafd01846cef9da4bbd981c60580675e4bf4f12e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 27ae6b4dbd0335a726c7c98238a0087c
SHA1 2f825c833aafeac6cce69832f362396c5eb8372b
SHA256 16287269da190ea03d0efc113b0191d782a29dd80057cbad9bdb0cfeca216cb5
SHA512 1ff3f5fd075ded98f5ac64f81a588bf99053c81a604ff661f4327a4d44a5fc4bb16001dbf42469141c4bd40659c87674fdd57690e6fd1aeec8f5efc1a29d7e86

memory/1624-1824-0x0000000000400000-0x000000000040B000-memory.dmp