Malware Analysis Report

2024-09-23 05:01

Sample ID: 240613-jeg1cstcnl
Target: 699d4cd2f2ac971a9a8b4d76579be9e0_NeikiAnalytics.exe
SHA256: 6b9f72f8b5e23091827596468fe3e843d10db6e2b1d220d379e8231c14346aff
Tags: upx, ransomware
Score: 9/10

Analysis Overview

Score: 9/10

SHA256: 6b9f72f8b5e23091827596468fe3e843d10db6e2b1d220d379e8231c14346aff

Threat Level: Likely malicious

The file 699d4cd2f2ac971a9a8b4d76579be9e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5341) files with added filename extension

Renames multiple (3725) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 07:34

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 07:34
Reported: 2024-06-13 07:37
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\699d4cd2f2ac971a9a8b4d76579be9e0_NeikiAnalytics.exe"

Signatures

Renames multiple (3725) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\699d4cd2f2ac971a9a8b4d76579be9e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\699d4cd2f2ac971a9a8b4d76579be9e0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2600-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 ec6256598734883059853365644d924a
SHA1 f879e71915c01d652be37ff8bf4c0fc69203664e
SHA256 a53e613ca538abddf3b1c3e293b38a8965d56104b05775297fec383fc83a3ae3
SHA512 10a89c712ac76753b2f9f4a365c46bc764d8d2ca678d0d4b4c6d4876ade2db909db95522e4ba90c9809bfe3da220ac63f02e766e3771543c94dd5f61c1b85d0e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 07d7635d5b95df4c84ff8a97eb2afab8
SHA1 e0ec35cfb8d22a5d3bf587626e2732c762eb4994
SHA256 6b502ab59060d7036bb0bc8d801aa1dbd8c715f8e2940b11dc4fa5a45437d755
SHA512 23d08a15d4dca3502524a0e915ac423a86a2c5c1a2e078ad22f64eca5b4b3e0bc41a1381f6686229bcdaed7c3b05ba8d22ef30a7d3ce6b9de445078c110ab3f0

memory/2600-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 07:34
Reported: 2024-06-13 07:37
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\699d4cd2f2ac971a9a8b4d76579be9e0_NeikiAnalytics.exe"

Signatures

Renames multiple (5341) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\699d4cd2f2ac971a9a8b4d76579be9e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\699d4cd2f2ac971a9a8b4d76579be9e0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/4180-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

MD5 897acdf7188e671ee672b51bf6b2b71e
SHA1 affaec9d82ba65b9f6543d149d532535d60b0a10
SHA256 126377caf39e8916c6094cdb659f70d6b6e763b5d9d1a4ac9df5478e2f302640
SHA512 f6a813dde942242aed5a02685029bedb97aaa67b8fb3e6ced8ee395a24d281f48d1f6bcb3575be9341b11714bc75965dfc5160ceb8a81b2ea9621ebf68d546c8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a12e3b19655f4728d4d458dfd01383e1
SHA1 1b1de22d2b5416de6b3ea71dcb5597c754a0f594
SHA256 25956cfd31a0792f909b13530330138e5b2fa60dbf1f5240a4dda079bb9ab983
SHA512 6b889d8ac1f3ca3abbbc1984b61da45329ac4262a5b888ca4b09fdf73d5e1c0e5177823c8801ce5e571b519d534f4dcbb412301246bfcb7f328ff6eb23e6cb8f

memory/4180-1224-0x0000000000400000-0x000000000040A000-memory.dmp