Malware Analysis Report

2024-09-23 05:11

Sample ID 240613-g376ca1enk
Target 65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe
SHA256 24ea42a8daa84a67f8f65e3ec26b067eccf80208ced6e34a102a2e3f084c6580
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

24ea42a8daa84a67f8f65e3ec26b067eccf80208ced6e34a102a2e3f084c6580

Threat Level: Likely malicious

The file 65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (2843) files with added filename extension

Renames multiple (4703) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:20

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:20

Reported

2024-06-13 06:23

Platform

win7-20240220-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe"

Signatures

Renames multiple (2843) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mr.txt.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\jsdt.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\kk.txt.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\perf_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\libxml2.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2340-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 b6462b60758785d595466045436c9f60
SHA1 c0faab48efc9218b91a8f025e220bc9736b5f31e
SHA256 8eaf1da7de629912dcaad4a241d965db1698473bad708543637e7af0a994f55d
SHA512 ec90d55cd64ba97855fc22f30c817002b93da08b77e6b6e831bc19285b556c2e5dcf66a8b15e45345049fefdd0d0de14295be72553394a167ae54e0eaf05ac4b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c9d7ed2db41f620acb1d10e5cdc09b82
SHA1 3b722a7e51524095e9f0535b94af2d01a6aeae93
SHA256 5a0c57d0432dc077dbe66580a73fa295fc82c6eda1a47055dbf7d6daa95fb0ed
SHA512 b737acdf5ce63a116d5ee311b4fcbb4de5c08d1e6b07a97bc9a43589816eb897f73fd5108602e90409b6df10bca095867b8bb37c0c91683213bb3c84976fc1b2

memory/2340-420-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:20

Reported

2024-06-13 06:23

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe"

Signatures

Renames multiple (4703) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-memory-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\verify.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\ExtExport.exe.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\IVY.DLL.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ro.pak.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.TypeExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\msipc.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\65177c07212f19ba71877f8c03ebeaf0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp

Files

memory/1780-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 241667dae2a84824d1bf6c6de053cc04
SHA1 3f2c6e0fd44b4f08708b335d3eba1f456b4061af
SHA256 e910cd8d1c96840a69efff6345a1051860943a7f0b0ddd7037b7bfca186ba446
SHA512 afa0e1219c27ce6553eff6191c19fc0e0e64937e280b48e3f2dad130b59c404b65ce2e09902a149198d2b03b4e4ad469de6835a8b2cd9cdc4e70adb7f60512ce

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 4b223051e0f703bc1cd02af836b5e3e5
SHA1 2f47487c86f4bcec27cdcd7ab2e138a24cf2385f
SHA256 eb27b647b51f002997e03c06fe27b9fe92db9d1b565c8d900ce444535c1c9ffd
SHA512 71c01848c64d2deca41f5871bca808327c58bd4240173ee6a36128469c701814b74bdaf8214f023df3c15029c43a6af0a4ef398961215ec5ab10bb9ee2e47fe3

memory/1780-1644-0x0000000000400000-0x000000000040B000-memory.dmp