Malware Analysis Report

2024-09-23 05:02

Sample ID 240613-jrcleatfpn
Target 6aac4c6812f2e2cc7707d8c39f9c1df0_NeikiAnalytics.exe
SHA256 824164c95c4a311b0fcfb21a0463f0de6b3cdd75c31f85d07499a4feb3bc10c8
Tags upx ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256 824164c95c4a311b0fcfb21a0463f0de6b3cdd75c31f85d07499a4feb3bc10c8

Threat Level: Likely malicious

The file 6aac4c6812f2e2cc7707d8c39f9c1df0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3544) files with added filename extension

Renames multiple (5310) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 07:53

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 07:53
Reported 2024-06-13 07:56
Platform win7-20240220-en
Max time kernel 150s
Max time network 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6aac4c6812f2e2cc7707d8c39f9c1df0_NeikiAnalytics.exe"

Signatures

Renames multiple (3544) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6aac4c6812f2e2cc7707d8c39f9c1df0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6aac4c6812f2e2cc7707d8c39f9c1df0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2064-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 14be66dbd42dbee52e9ad0e392edd7c6
SHA1 20dc4e37715ecf7bf7f890c4d51e6a5fa6121a83
SHA256 ad771b7ae89f55da45d7d885b58bd425f58cb9d2fdcc307a9cea403eb90ac297
SHA512 b07a8023daa5c880d3952a98a8db083f255e0893b6a2c0f07bc1127a52f26896b1676d0875a569ca98cb38a2564309b96bedcec5794ae387e6cbd417e4649737

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 5fd804aa5032c5a27d00fd730a81d030
SHA1 6b66e7dd8095b1f501acec5610df3dac7789d16c
SHA256 128616e0a95fd78912307c6948c60d81e39bdc6fc56d9408f784eb31ef81ffd9
SHA512 c698a287412903324324d41feb7f96d8df607d1680bf73cebe0c743b25f8ee10845bd20c08316b9bb53a78c96a6b0182ea32728deb9ba6d1d023fb343f9e2795

memory/2064-74-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 07:53
Reported 2024-06-13 07:56
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6aac4c6812f2e2cc7707d8c39f9c1df0_NeikiAnalytics.exe"

Signatures

Renames multiple (5310) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6aac4c6812f2e2cc7707d8c39f9c1df0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6aac4c6812f2e2cc7707d8c39f9c1df0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/3200-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 81c2df2df8ead4a6af190b6a477d4995
SHA1 29b8508e9a9f4a47b41a8a3e714c5592517d2024
SHA256 95ecd655259490dc6bc1c0e99cb6b4aa9fe86572e9202cc9da0486e54598f6b5
SHA512 6f5972ba86a48c5f5c42344efc48e59fc4c902b6a13f17858523ddfd68ad203e9c259c5140ffe0ac740709fc165ecfe76168803f0efb9f364346b353e273cbaa

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 0bb2ff2a8fcc466da83af74cf88f2937
SHA1 6912e8bd2fc9455224023665f32ea954117e5e63
SHA256 3d9acf813de0acde78e788be669f478fa874d5099d64ede265c80134d94d980e
SHA512 3b058ede4b614aa4fd9f46cd7ebc4307c7982635bac9d781f02141b5804553eb8c64f7010ff7c77bff7172f87b9c40e13892f47ba143a9b497e0f3c84029602a

memory/3200-1218-0x0000000000400000-0x000000000040A000-memory.dmp