Malware Analysis Report

2024-09-23 05:06

Sample ID 240613-fzjsxavhlh
Target 617f0ca1ff559cd06351c88f260d8440_NeikiAnalytics.exe
SHA256 4f8dc17a4c40c7ad17982bdce1476377914380b18ea18071894f4ecf556aa435
Tags: upx, ransomware
Score: 9/10

Analysis Overview

score
9/10

SHA256

4f8dc17a4c40c7ad17982bdce1476377914380b18ea18071894f4ecf556aa435

Threat Level: Likely malicious

The file 617f0ca1ff559cd06351c88f260d8440_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3433) files with added filename extension

Renames multiple (5354) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:18

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:18

Reported

2024-06-13 05:21

Platform

win7-20240221-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\617f0ca1ff559cd06351c88f260d8440_NeikiAnalytics.exe"

Signatures

Renames multiple (3433) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\617f0ca1ff559cd06351c88f260d8440_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\617f0ca1ff559cd06351c88f260d8440_NeikiAnalytics.exe"

Network

N/A

Files

memory/1464-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 953b944efd9b8c47e0e2b1ab57f7b506
SHA1 f49930a8ede216151e06b379da52fad59cb214ce
SHA256 25e545d5baabf5a745edb013d4e59a296fab59579d159c9d41f2a724730a77b5
SHA512 7b5c7c1c61a5e986dd623c37f1ba8f1ec02b18bf6e9256e58d3da9c1311bcda7b4b775d10b7278ddf2d2e33aab6eda6e90c4fcb74e9d3fc2539ec9f28c611d68

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b7b9c48e855fd5457842a76af961e881
SHA1 4bc34c7da3313b8bf45a74376bf2d8bd2f3c5fc4
SHA256 75314d0219b6c101541d2127bbb2bb485dc7e26a68bc26f6d0f63f0061ee14fa
SHA512 fbc76931bb38e443de4df581f0d8806d08d617ade59a00e7d04a12b44e4a15e72d676daa8e72c5bc2edf7add00c6bee4eae468207efe0ee0a6e5a511aba0aeef

memory/1464-74-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:18

Reported

2024-06-13 05:21

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\617f0ca1ff559cd06351c88f260d8440_NeikiAnalytics.exe"

Signatures

Renames multiple (5354) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\617f0ca1ff559cd06351c88f260d8440_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\617f0ca1ff559cd06351c88f260d8440_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp

Files

memory/4484-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 c2d816f0a20916551695d606f00cf68d
SHA1 6fdb13d3afcb1514fbc19a48b450742f93f20205
SHA256 7fa401481acc6efe0c99c78b144758a1879cd2cd4da0f1c60ed0415eedec5a35
SHA512 d7955661304a2d8ca27b30a8074ebdf1cf4b94717346b2b6cf01dfaadff8eee79061739c62c22556495e13598a05d028f3fa69fb477d061341a9df7d33ca4e1a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3c9ace57a56474c6c23a74a513882c86
SHA1 2868df498da7d01013ca31542a790f861741a906
SHA256 d1700390301e36b3e893cc5246204d9eb17727a8cba3dff57ac73447ae8a5f67
SHA512 ddeb8ae17b5cf58fb9432d21b14a82889204a4c68fb2af6741d0734022d182d90ef50d095c3a9d009c012bc4cfe03769adf5c2d357af35d54e37dfba4eb9f346

memory/4484-1216-0x0000000000400000-0x000000000040A000-memory.dmp