Malware Analysis Report

2024-09-23 05:04

Sample ID 240613-fq4fysyfkj
Target 609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe
SHA256 7d9ecc9d2a62eb5c436b10c9de2bc6a9ffb6e07daed487c142af9c79572a2da8
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7d9ecc9d2a62eb5c436b10c9de2bc6a9ffb6e07daed487c142af9c79572a2da8

Threat Level: Likely malicious

The file 609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3620) files with added filename extension

Renames multiple (5199) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:05

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:05

Reported

2024-06-13 05:08

Platform

win7-20231129-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe"

Signatures

Renames multiple (3620) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\eo.txt.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.LIC.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ViewerPS.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\co.txt.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Toronto.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\localizedStrings.js.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sa.txt.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\es-ES\NBMapTIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\init.js.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\currency.css.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\de-DE\jnwmon.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\an.txt.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2232-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 84b98a3eb63c83fe3df6fb0d517c2f48
SHA1 4570222f7a66a1f0eaeb4a59285cab980ced38a3
SHA256 c86dd589f4469f29c321727412ede50813d9b32a2dbae111ffa696e84864bceb
SHA512 aeb7ace7a6dc128ff5bb31a61180169b8bac9a6476d5a1d668fdc8657263d0fee66d70913b646595f35e4220a6c2d7a0a8a9f7e00fbbc50f9eb8e78d6e6333ec

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0f127ea12664dec6e259832159f7c184
SHA1 fbd8d5d34ec3a0c16e77dac260de34c28eab4144
SHA256 c5dab812e164ac1a0b7f5756028463c25529f1db78a6f4e9ed0db4242a98097a
SHA512 99cd6b1e9976292beb867c72dd27cf841774c419d3374a60f0102005fd59c1611731a581b92defb07847b644b92a00b51e388f6f2649290c5d6ffd01f9caa6a2

memory/2232-74-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:05

Reported

2024-06-13 05:08

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe"

Signatures

Renames multiple (5199) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.DriveInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Luna.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\currency.data.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTEIMP.DLL.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\officemui.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\he\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ast.txt.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\java.dll.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\LoanAmortization.xltx.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\609d60b5927c41bf571063d2171aa6f0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 201.64.52.20.in-addr.arpa udp

Files

memory/1296-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 9f0236ba1acd0ad8d912b40856e1ea6f
SHA1 5b3bbe605d929341cfa560fcd327d4252104e558
SHA256 4f90faf5ce23b4bc8d07ef5d584544afd4e417d0377726966bf137ff301859de
SHA512 459f22f2f25cd2e2734439e4679c7dc619eee47d1d023e4853191e389ae5e5451837497cd7192ed93377722ce1303ba9f966f988fd840ec8f12f9112b8097e0e

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 75bb5a008f89211d624935d90bfd9421
SHA1 4787889c21a3651ce9960978edd744ba3cc460d3
SHA256 ce00fee65037bcd3ce4b06ef04d2a3c70dff2884518eaa0ee2ea92810b9cc30a
SHA512 58a5790fc63526df782af77548685ea091d0700a501f143ddfc95a313c52ddee3b03caab636ab008eaff4cb73a206105a7cb54bf4e2d975d4483e38b1a140004

memory/1296-1120-0x0000000000400000-0x000000000040A000-memory.dmp