Malware Analysis Report

2024-09-23 05:02

Sample ID 240613-j97jha1bqg
Target 6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe
SHA256 a83bab1fa9d240aad9bc131d1ced1a8484f6d9879ae0f71fa44097fbf452230a
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

a83bab1fa9d240aad9bc131d1ced1a8484f6d9879ae0f71fa44097fbf452230a

Threat Level: Likely malicious

The file 6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (4850) files with added filename extension

Renames multiple (3436) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:23

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:23

Reported

2024-06-13 08:25

Platform

win7-20240221-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe"

Signatures

Renames multiple (3436) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\Templates\Graph.jtp.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado26.tlb.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\settings.js.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgrain_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fy.txt.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\Common.fxh.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdav1d_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\br.txt.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\is.txt.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sl.txt.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_cycle_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe"

Network

N/A

Files

memory/2856-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 586cc887e567c3530b606b87c6b37fb5
SHA1 fa8362e8537266ead7faab9760c4e46ff46fda95
SHA256 36a0e10a8af82c092c4c653c179d06d20568f1459107ee738b17aa3302424006
SHA512 6f73e63beacaab837bfdce45c9f85e32cbd01f2fc96da7fe938a35cb27563441d27e0ac1697a06a595c48f20d495200ee8eff00699d1548adb757cbaccf9f21d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8429a386143cac3fbb4022363db12cec
SHA1 766adb912040b21d7f74d988fcbe8f2410ab4d4b
SHA256 d9441d1e4155b46ca1bfd7df64154fbc54bc0946306d954098a219d356a8e825
SHA512 fa92d7e70d98345e8f29c05faaf5809d4e147d4b451517f33ebcfe1e7e19d04fbed600a2729db008ddee974dbef27b0e504f106b4ead1149e623f7b4221c5e79

memory/2856-650-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:23

Reported

2024-06-13 08:25

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe"

Signatures

Renames multiple (4850) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\public_suffix.md.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sl.txt.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Console.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\sql2000.xsl.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\hprof.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTOCOLHANDLERINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7en.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sq.txt.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN102.XML.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6c80538fb96ecb3be8f29db1ca2e8060_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

memory/4932-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 cac4b22fa30622cf4f0cd01eefc4fa26
SHA1 6a821b51c7ef8bc8dae0e5787ebc14d0ebe1ec1b
SHA256 5c7dbe3ba33d8e12a9a4dad10da6940c504da967deca89c65c07af1674847d80
SHA512 33424c15cd86a2a29e73c925afbe9cce8c26f06f51ae3f8f2319154e98ad4ce6f1974d803e67d68aad03f2bd9cde45508c750ddf74f6c8d55c988aea25e045c7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 df20f39ef00dbbd82f4765df248aea8d
SHA1 bde6f09d3c3916935ef9f0a1d45927c17a10cb39
SHA256 56b621bc9e7730e2d704e529c608f1535b311e47354e73cf55edd20aea9ab1bf
SHA512 77d07d8c41688d8bd584868b5b0cb303dd65b98850fbdcd501a34303cd27d58d44a5bae1b4258393a4604330cfa809d18cedcfd7cea47c2f65dbf4aea194a790

memory/4932-1756-0x0000000000400000-0x000000000040B000-memory.dmp