Malware Analysis Report

2024-09-23 05:10

Sample ID 240613-far3zsvbme
Target 5f36d310e526529d06eb32696d7e28c0_NeikiAnalytics.exe
SHA256 1a73fc5e2b224ad0deb19ea0c368f1390a2852e56f136103cf6c5bcd35ca2e4d
Tags upx, ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 1a73fc5e2b224ad0deb19ea0c368f1390a2852e56f136103cf6c5bcd35ca2e4d

Threat Level: Likely malicious

The file 5f36d310e526529d06eb32696d7e28c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5293) files with added filename extension

Renames multiple (3751) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 04:40

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 04:40
Reported 2024-06-13 04:43
Platform win7-20240611-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f36d310e526529d06eb32696d7e28c0_NeikiAnalytics.exe"

Signatures

Renames multiple (3751) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5f36d310e526529d06eb32696d7e28c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5f36d310e526529d06eb32696d7e28c0_NeikiAnalytics.exe"

Network

N/A

Files

memory/3052-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 e517defa9c8f7f1c19040fd7f33b29cc
SHA1 f569240ed881cfa5dfae8a706e05b3f5c9319569
SHA256 1f37915b22f923800c3c3106782b2f850b217a6e2c75d42ebc83df922ab1217d
SHA512 c754b0fa2ce9b4e195da29cc4e4f1e2ffccac1332344e3b13ddeae0d675dfe0155d353911c7c4eba91005ec100603dcc2a76450eab9d22f5cd59befe5f10aee0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ccd2f2cecc1808e2e0a9b8a9e06e590a
SHA1 08eccbef06fc1e43a123643c3fd5622406ff8465
SHA256 a3405ad79e9de1e3c9c265e283265297800a1d3240d0bcb4ed38d37de057e60d
SHA512 cdd3ce230949f62cc6e1006f41d7facfc1127c7d3786f5a215f4e3d176e3ddbd87b07bc0aa87f81f70c1ccd16cd57f3d47a9cfd9263b5b4ac690976cb6759aee

memory/3052-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 04:40
Reported 2024-06-13 04:43
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 54s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f36d310e526529d06eb32696d7e28c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5293) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5f36d310e526529d06eb32696d7e28c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5f36d310e526529d06eb32696d7e28c0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/4512-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 ef35027e0c350556d6fdd44905079950
SHA1 e7a98ff0d68f341eefca329215246c3c6a402e96
SHA256 fafbfbecad2136c063e667b2af50c253774658d63750d948402ec1dc46e0272d
SHA512 dfe366dcaa92c930bb3801d4c6cfaa4dc47ce1ac54de49b12ba33647f55666fd46c3ca2f188bdbed778cea43161518c1722aa5aa994faa56431c97bda22b83bd

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 884fa5e61e66517ba8ccd2d76db78600
SHA1 4e78e845086dea536965be31dc0f3bfe75b9a876
SHA256 bb2f5c9bee86285e8b4c0d7b102207f4fed790eac6e281ed269eb02ae7a88743
SHA512 80015af6e7628108babd88cc8ba2a2cfafbf81138c459d52a01eff558cac8a736d4f64588169829edadf125febc93b4cc7816791460b0fe0968e5eba297a3012

memory/4512-1212-0x0000000000400000-0x000000000040A000-memory.dmp