Malware Analysis Report

2024-09-23 05:00

Sample ID 240613-j56fmsvbpm
Target 6c130711aa9829901ccda0273c579fd0_NeikiAnalytics.exe
SHA256 092a97351cc2ddb13e34d13c6ce32131b5ee6a39b5d81f22a234501da97073f6
Tags
upx ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

092a97351cc2ddb13e34d13c6ce32131b5ee6a39b5d81f22a234501da97073f6

Threat Level: Likely malicious

The file 6c130711aa9829901ccda0273c579fd0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3446) files with added filename extension

Renames multiple (4874) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:16

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:16

Reported

2024-06-13 08:18

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6c130711aa9829901ccda0273c579fd0_NeikiAnalytics.exe"

Signatures

Renames multiple (3446) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6c130711aa9829901ccda0273c579fd0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6c130711aa9829901ccda0273c579fd0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1644-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 3076ff6cd6818439e84f4875623aa4d1
SHA1 8d49d09dca65bf6ebd28a52479b0e31f8d8fd999
SHA256 a7c9f73439407ce93a2311832580cc860ec600bbb7270efae0a150ea60319e3c
SHA512 e691ce5e2560649676ee24bf96468bef2ed96e40281742052b552a7d818d78fba51259135e9b8181501d2899a2d0a3e9a4f01addebf8ce68f565c6cb3faa7030

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 484a5f3b84200be524277922f42a56c4
SHA1 8835c53a9d86ac68973c2d7ef7ee71b2852ca857
SHA256 49155b3e4a65c04deffa698fca9e7d836c472752869f7b3442a0505302ef58a1
SHA512 c376b0c34d95a6f8375998b84faae92cf74e59c6e7a27fd9a74eec0a3937c5b7b67c45dcc39f1934d9764e688cd169de85c942935ffa5f8800b3708fa628e655

memory/1644-646-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:16

Reported

2024-06-13 08:18

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6c130711aa9829901ccda0273c579fd0_NeikiAnalytics.exe"

Signatures

Renames multiple (4874) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6c130711aa9829901ccda0273c579fd0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6c130711aa9829901ccda0273c579fd0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1368-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 149a7158c9cb5d7875e9c5a441ed6e62
SHA1 d0d4267998170a7d80c261e2c7228181e7ebed5a
SHA256 6cd8817eaa80e604d8dadd88ccb5bbce6f1f964420fe3a42c9574a9cbb778382
SHA512 1e178cbbd21481ec51f623ac77149f09d9798c7188bf179cd31712afdfd812036a409122709e4d1e9b9fc5e2c1c1a29aff450315b3fcfccba1c0bcadfbdde71b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 bd19397c0dc804926a7c282ec3a8d804
SHA1 51468941084bcdc9cfa465676f0a392c8015ea2b
SHA256 10c44993639615bd3f8fda27db6a27e1e9c4972004ad031b509f10eb173d396e
SHA512 b25abdb17e3d0754b48ec3c4cd74977c0e72224a195f6903642f1ede6698e182fd0e407160a181eba309ac4ba101034fcc6145dc8a493afe96e290974c9412e5

memory/1368-1792-0x0000000000400000-0x000000000040B000-memory.dmp