Malware Analysis Report

2024-09-23 05:06

Sample ID 240613-fmwa6syelr
Target 6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe
SHA256 ed0e74a830b652267bd375b59ed6f2189616516f37f7eee6401b80f7c48895f2
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

ed0e74a830b652267bd375b59ed6f2189616516f37f7eee6401b80f7c48895f2

Threat Level: Likely malicious

The file 6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5206) files with added filename extension

Renames multiple (1041) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 04:59

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 04:59

Reported

2024-06-13 05:02

Platform

win7-20240611-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe"

Signatures

Renames multiple (1041) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ast.txt.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mr.txt.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\pa-in.txt.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\wab32res.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsource.ax.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe"

Network

N/A

Files

memory/840-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 d00296ff59f7ac3c9cc9830eab02afe7
SHA1 da6a749ebfed545ea106a7853102d9bcf2e05d2f
SHA256 e02cb39701a88c7e1fc92a77345f4c3a9aa0c8e891b0882a7a8be52631518753
SHA512 4b56a546ad17fa96ee83fec1241e8eb47c715ecf470518512e4238ab8024b2144f570d29c118dbba765c09239a8e9ec9617bcd7f33d21db1b374423c3ae9b964

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 61e53e5820bf628f7b84ed553997135b
SHA1 388c48e89a8ca3a4fd84cb1859732aeab485aeef
SHA256 a3b412eca7f3799ff10c3852fc36ae0986db3ba674141f914f7402444c92d673
SHA512 37b50d1af5e3b500da9df4143303cc53374f0cced447b45df38e48bb808395f1f0489cda022f1b94595e7e3c823dbc74c12a22db98faac068f4f897764fe1d86

memory/840-26-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 04:59

Reported

2024-06-13 05:02

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe"

Signatures

Renames multiple (5206) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\cursors.properties.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PowerPointInterProviderRanker.bin.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\LHANDW.TTF.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PPT_WHATSNEW.XML.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jawt.h.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6072c266c2a4020c08afaeb9db2e8eb0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

memory/2276-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 7ea3f86daa1f9e09cc6e4b6bad3e99c2
SHA1 1307f0cc2fa011519a456bd59bc6e9cf2065a701
SHA256 60c4cfdc83624356246bb3f9cadfb96610a64bc073b040ba0dced6288a3f5867
SHA512 1a5521381500247d6f8686cc02ab216b42ef0b9e36e42deb2fdc8b8cd4c9d4cf675350f13658672b1bd951b1374801ac58096f6fffd85bde102b681a961b4c7d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8a2e0332f37cb8fc8883e63b2f37aadb
SHA1 3cddff9d9b35dba48e07aa24f0326f0c653acb62
SHA256 44e992080316f49b5c6cce4cab377f52f7beb541220eb75de67929466acfdce0
SHA512 cf5149c79c859c8735fd3f01668654a71709b6b996634b50b1bb260a36c939f365f64cb97b79e9666c3125401d23d2e001bf361386b51b864b2da38582d31c9b

memory/2276-1212-0x0000000000400000-0x000000000040A000-memory.dmp