Malware Analysis Report

2024-09-23 05:04

Sample ID: 240613-etnn8sxeml
Target: 5d8187d033dc1e2390869a82952f0340_NeikiAnalytics.exe
SHA256: e6844f925aea94c1e984e01501803dc16c7404e74f8e8cb962ebc490c324af07
Tags: ransomware, upx
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 5d8187d033dc1e2390869a82952f0340_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3457) files with added filename extension

Renames multiple (5277) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 04:14

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 04:14
Reported: 2024-06-13 04:16
Platform: win7-20240611-en
Max time kernel: 150s
Max time network: 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5d8187d033dc1e2390869a82952f0340_NeikiAnalytics.exe"

Signatures

Renames multiple (3457) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5d8187d033dc1e2390869a82952f0340_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5d8187d033dc1e2390869a82952f0340_NeikiAnalytics.exe"

Network

N/A

Files

memory/2164-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 95110e4f758146cc4bf6d13dee484088
SHA1 963435658ecbe5b87193f117795941b94797b6a8
SHA256 5ecd0c9515defbce9241521649c1ce524bca1feae6b7fa8de7f44e8ef66c29b3
SHA512 9aae2ae5c3cadd81ff2fc0b84f45f8392be954f710a5a38b3f82200530d0df78f607738e3fcfe2287394f3e05fa8b82fba589925694bcd55f930bba07a852e1f

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 acf1f1e7cdaf8923f7691b3f875892aa
SHA1 19886dfe32319fde447981488410c49e646ffb6f
SHA256 427a93f16da9c0215f6f95b62ae41464b2f8e8b76f4c3061a74237d93561f6cb
SHA512 bbbe3afe47d27d66dbd2f3348dad35a75bb06d5f7eaeed06405d133ee9164b371e45f27c73fbb6dcc774b6ff454ca7eb6cae052a35aefb2025261a15ef6d7112

memory/2164-640-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 04:14
Reported: 2024-06-13 04:16
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5d8187d033dc1e2390869a82952f0340_NeikiAnalytics.exe"

Signatures

Renames multiple (5277) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5d8187d033dc1e2390869a82952f0340_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5d8187d033dc1e2390869a82952f0340_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4488,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=3980 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/116-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 a30a0e9b80de421950d2a66d7cae5569
SHA1 cba20bd2647c0823dda38002b1e2bfeae9169008
SHA256 60a804c0f6abb54b203890ce7c9fdc7ec9b96bacc0dc8cc559ff088cbfb2b95c
SHA512 3bfc2d54a0204dbd2760069f51a633d347698d6c8c42a24472deaef580b76ba41226dd80250cbf598fd52488da5455ae849bb0ee22352a373dc665d346212ac1

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 d22c1243b51816a3c13e685986fcdf55
SHA1 1b66feb2fa217488e4bf4c1a38459276e4a8993c
SHA256 9f187516b245e85bd37314df7f3768a58b28ba11c19aef0611581b09ea8a2e75
SHA512 07df685989ccd6be3242b82807a3e235364d0bcda720c95e955f7374e006e57496e566ee1a116b8fad2e35d4ea060511455d89f735f3605410c84743f626bbfb

memory/116-1982-0x0000000000400000-0x000000000040B000-memory.dmp