Malware Analysis Report

2024-09-23 05:07

Sample ID 240613-d589msshkf
Target 5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe
SHA256 ef1595504d485742ecc8328e11a1dfa2af463f90592deee04a82b4706d5c6fc4
Tags upx, ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5354) files with added filename extension

Renames multiple (3781) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 03:36

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 03:36
Reported 2024-06-13 03:39
Platform win7-20240508-en
Max time kernel 149s
Max time network 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe"

Signatures

Renames multiple (3781) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe"

Network

N/A

Files

memory/2180-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 fbabf099e9f86bf9f6dfa85e8a913544
SHA1 038bc9d5ba56e4a731964d2f30bf646e09cc3095
SHA256 319526e2ab81e6533ba70bdbeadab31152e3e664b7b2e041547a2e22eac98488
SHA512 3cbdf33699bff2575c2dc5ded857b146b61304771d29aea025280160fbd710ad24eb946ebe04b4df8aa750bd40ae1a165e18fc174243b98c9f58e56cb81d578c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6544acaf9e3c28365d5dfeed47e2a506
SHA1 b9835aa1c6548890fc5d41d2faecfd045dcc75d8
SHA256 38d1c238a7aec60c5cbb5b216ddd57971a2e40e592274856845c7d4affa41f04
SHA512 65874f61d5ab04a33090903773eed43f61f9b52f1807291d789b0e885c34288865c92f932c36266911cce4f7d330457ff8e24f1a24c2f5660ddbd74756b8cf50

memory/2180-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 03:36
Reported 2024-06-13 03:39
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe"

Signatures

Renames multiple (5354) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5b46556c40cec6090ddf4563a7598420_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 23.53.113.159:80 tcp

Files

memory/4384-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 57f210c7e2bd22680531b2de689fcbb0
SHA1 3ad89e7b6834c02f219c156ae387dabd0ad0ea3d
SHA256 62199a461fc192060369df5cd29f74628da73962f27b9e18a04445359576c4c4
SHA512 3fe371f3687d7ab9625f87b3c21dab8394eeb75d23afc127d3d1e50ac7ccaa09542699c6c7afa3c38d55a081523f10ec2e4a275bfe28dd53e442b24bf7b0fd44

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 26558719703ee27d95503c59da0fb9bc
SHA1 38267df61f0eaff2b0b3d7d656ead2831b2e7160
SHA256 b79a0ac6e50dda2234a301f22d35605d6c44386161ea6719bc883aa7f1806d74
SHA512 89ee75ff0678c4956ca1cef1d97d506510b2af0bc6ff73aaa899364e8e6316da0cc1830d093c0b8d8a86323a33e295228b7da1b0a65fb54c5e59a48b7b82eeb1

memory/4384-1216-0x0000000000400000-0x000000000040A000-memory.dmp