Malware Analysis Report

2024-09-23 05:12

Sample ID 240613-fwnyfsvgpc
Target 61215bd0cd99b11c25f7de0728364c00_NeikiAnalytics.exe
SHA256 ecb8027e23c715d74e948eeb94c278b1bb6712aacc49490486402dfb75d530a6
Tags upx, ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

ecb8027e23c715d74e948eeb94c278b1bb6712aacc49490486402dfb75d530a6

Threat Level: Likely malicious

The file 61215bd0cd99b11c25f7de0728364c00_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3460) files with added filename extension

Renames multiple (5023) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:13

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:13

Reported

2024-06-13 05:16

Platform

win7-20240508-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\61215bd0cd99b11c25f7de0728364c00_NeikiAnalytics.exe"

Signatures

Renames multiple (3460) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\61215bd0cd99b11c25f7de0728364c00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\61215bd0cd99b11c25f7de0728364c00_NeikiAnalytics.exe"

Network

N/A

Files

memory/2232-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 c56dbcb778f9cd207b4ae1a72c570e78
SHA1 286789ec7163ee67e6817107138e46f1cd5a4cad
SHA256 43105ead78927b6a52a1c4b3c3d44d030d6939db0172a905db387d4724d8b0c6
SHA512 09edbb7760b6887765c5e9a106acc00597db5fac3bf147ad30f00dc53d6218600821dcb67c05b57c63a2a8feb318598b166ad44f307a6fcdf4e4eb59f23598c6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 61ca007ab9079ee87de1d97e430ac2d4
SHA1 6385d06ae6cf821b3efacc03144bee43c967b97c
SHA256 0c410a8daed2e0a14833965edfd8adeec609c3b0c9aaac42e046a3a57290d937
SHA512 b76e86fc9cff526eb1ed8475cfb6be11bb9680d26ac60c2ebca47692a7ff29c713f79372003f817942a55ebf2d1d84387331e32a306cde3dc11806508cb7f0ef

memory/2232-650-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:13

Reported

2024-06-13 05:16

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\61215bd0cd99b11c25f7de0728364c00_NeikiAnalytics.exe"

Signatures

Renames multiple (5023) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\61215bd0cd99b11c25f7de0728364c00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\61215bd0cd99b11c25f7de0728364c00_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp

Files

memory/216-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 73fb0a4cc13a1c0b42a648cab99937db
SHA1 299d7e560c6652b371af2a4b4560ad71d1efbc8a
SHA256 2bb1fb205fce80f18922fbde1afc50d52741d32e9fbf9e93db894dd709ce060d
SHA512 eda9be74ef33f5a149482efd28d6a82aaad75f19717ea399b6723bedfafc77841eb58e23c9884b4ea2ff6cedb73ffedde344cd7ef6675c045a510b71e54c4773

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 92482598e53d56c16dd5203df1fc42a8
SHA1 84eedc80d96a61d8349af3925b2938b46ae11334
SHA256 8041af544375bdd0053b4e828df2da791ab8cbda468ff9962e75c2534ca8a4cd
SHA512 c069fc437044eadeaee60a146bc816de2a80edc115e4d04f625b17d755bf178dd83ab71b1b7a2a98aff454377985bced7e41360e46a8f7db1ccc2ab5ac113bd0

memory/216-1790-0x0000000000400000-0x000000000040B000-memory.dmp