Malware Analysis Report

2024-09-23 05:02

Sample ID 240613-hb841axfjd
Target 66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe
SHA256 17704f5f4b3dc58934699c9eef13d8cc9ba17ed118e308873fc3556713783438
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

17704f5f4b3dc58934699c9eef13d8cc9ba17ed118e308873fc3556713783438

Threat Level: Likely malicious

The file 66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3447) files with added filename extension

Renames multiple (1122) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:34

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:34

Reported

2024-06-13 06:37

Platform

win7-20240221-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe"

Signatures

Renames multiple (3447) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Mail\de-DE\WinMail.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Mail\wab.exe.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\ja-JP\WMPDMCCore.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\picturePuzzle.js.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe"

Network

N/A

Files

memory/3048-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 d765267c1187da33628ad3fa69d1d12e
SHA1 86e9f520485898da7e2e10d39ea10888a5417a98
SHA256 bd8289e7974c36f037dd0182a005d1b24206fbfe6871e89e12657b330a7191f5
SHA512 85d6c76826050f8b450d6f84898f37cabce6dc7fb6218de26fffa613c3ab1e6c793a12c0e1358c3bb73d49dc72a4816676dfa5c89424ced16b97c91cdb4479d7

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e68220540469f310d020fcfb68d164f8
SHA1 30742188405b57e80f01d5b3b7739898ad1db77c
SHA256 1ffd82566bdea898e8484e3aa4485bb62c53e35edc8044923a65c9e747e2253f
SHA512 dde7730510159c7329dd399ebc14cbc7163a29efa0a7800566bbde2f865819c800c49ab5b6061b0fab7f16acce7cebfa03d6129d2495e285c03c0687ba1d2a70

memory/3048-652-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:34

Reported

2024-06-13 06:37

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe"

Signatures

Renames multiple (1122) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.DirectoryServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fa.txt.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.ZipFile.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Process.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\gl.txt.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ja.txt.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Handles.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\an.txt.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Transactions.Local.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ga.txt.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mng.txt.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.Brotli.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.EventBasedAsync.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.DiagnosticSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fur.txt.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Cryptography.ProtectedData.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.Native.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-fibers-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Registry.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Console.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\tt.txt.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\66070153a411d5dd7a1b6f1e0bd508e0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

memory/4028-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 0e377152442ede69305acf5627909967
SHA1 53f6f224a19e04b3bec2cda59e75466ac72020d1
SHA256 f77f31e9ffd45408e4e865f8b2309981f767dc1a2d1ddc071032eaf2f4f33315
SHA512 acc420685587c5036ce8244bd395c53928f4d2a7ece11382a70287bcf2d01bd6ea8cb56ae68328f51c441d212d53fe9883577971ca98bd1b39a14ec650c811f1

C:\libsmartscreen.dll.tmp

MD5 4c89c804b4a067f4a84c35c9399046c8
SHA1 654de98ec32eaea86d6186e3562646e59e3a05c3
SHA256 b925913b0e5ea2ed6030590a63e8bb5d48ac777c7314cb09299376fcf6a004f0
SHA512 019f1c1c3f0146553a0f6f7352a35a1e289a9518a2345b1eb4ee28fe9f39e1742d5fb1c618a45dcc7fce382388525e247861bfa48d5bb2f2f604a6476d5bf9c2

memory/4028-426-0x0000000000400000-0x000000000040B000-memory.dmp