Malware Analysis Report

2024-09-23 05:09

Sample ID 240613-cvp8cavcrq
Target 56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe
SHA256 73a46ac2ac1c4486315c7afcb9cd134a7bbaba70cff7961225bafd2d6667fd0c
Tags upx ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 9/10
SHA256 73a46ac2ac1c4486315c7afcb9cd134a7bbaba70cff7961225bafd2d6667fd0c

Threat Level: Likely malicious

The file 56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (1317) files with added filename extension

Renames multiple (5276) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 02:24

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 02:24
Reported 2024-06-13 02:26
Platform win7-20240611-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe"

Signatures

Renames multiple (1317) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe"

Network

N/A

Files

memory/840-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 3d3b8417fa02c35d9763eaff8eefc515
SHA1 6c946cd9535bfb3b42b40e249250e0dfc24f9574
SHA256 78959a95fa82b5c3af2a1fddd3fcc153d4f77143e3276b905a14d27aabddcace
SHA512 7379db52ae44d056bd8f0eb0996df81d12d30e8117152efa7ee17f431b088c7768a1af3503acdd9a68dc1528d211098966a023e22dc4f641153043e7262d2bfc

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1e8053dff25f14be0897e297adc9d395
SHA1 d7c85da8c436f75763d17968f9d53aeff35b31d5
SHA256 7df215de9e2d6a077a76b525cb2ab6bcad5ad93bc1b69fd011342a5b022ef6cc
SHA512 45dea5cd7079245d4afbd3ef49f3179aa4f61a64fb96fcb3b9871ef6ce3aa97d370eae75eb46874bec9c7d98dbedbef57f515181834fd797dfcb99ca7412e055

memory/840-26-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 02:24
Reported 2024-06-13 02:26
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe"

Signatures

Renames multiple (5276) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\56ba96c9d8f6df11fffd460458fe8360_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
NL 52.142.223.178:80 tcp

Files

memory/1928-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 714adb0eff3e7e6f6e0ef0e7d33c0ac4
SHA1 d3a909431bd196875e9b121242603e4b5c026a7f
SHA256 7f566af7cb7a395134d18e1bb6f9ca22019d9e9234f97ce2491dedfc4d4a323a
SHA512 b72be7f8dae4c03e730a0f177ebf46e1217da6fb3fc4366044ca5ed2de8c776640a32edd28319954a95eb51e59860a11e0aba9c9897186335aef7de12a5bc15f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2eae9d9ce2df9ea115d365948b4ba36e
SHA1 0bf7dc5827f5eb5cf4f9b56566cd0fa259c9c5c4
SHA256 7de808718829c57dc5bffde9e830d447f87c09172b4cd0af19fc3acc876b46dc
SHA512 13bf14fcf7d7efd74f9161dac32b158f7b4308d326b15807d9ccc94af1cb71c21c878df90d31d891b5b9bb5bbde77b66eb732758707ec8a961d1a912b0070f7b

memory/1928-1200-0x0000000000400000-0x000000000040A000-memory.dmp