Malware Analysis Report

2024-09-23 05:02

Sample ID 240613-kcye1a1crb
Target 6cc9b72e2d239ecfad911534ba3669b0_NeikiAnalytics.exe
SHA256 5cce93e219f5242ab960de7b1071f95dec3c669c2bf3c52fd27b08f25188ef8c
Tags upx, ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5cce93e219f5242ab960de7b1071f95dec3c669c2bf3c52fd27b08f25188ef8c

Threat Level: Likely malicious

The file 6cc9b72e2d239ecfad911534ba3669b0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5287) files with added filename extension

Renames multiple (602) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:27

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:27

Reported

2024-06-13 08:30

Platform

win7-20240611-en

Max time kernel

151s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6cc9b72e2d239ecfad911534ba3669b0_NeikiAnalytics.exe"

Signatures

Renames multiple (602) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6cc9b72e2d239ecfad911534ba3669b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6cc9b72e2d239ecfad911534ba3669b0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1752-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 244631a907b4b68b183b28171efc89f0
SHA1 5889e85956d24a2c57f06d12f22a5331967011c0
SHA256 6e7b3128f0ccabcba66b3ef38910f7707156cd3a94ac1617e2e362eb431cc357
SHA512 1430e91323b34614c08bb35eaf75b30b5b162b7bc46ee9196915605753d2dc57094ce13d15d5adca23a0e9db6d2265300993d56f312dd0d437b64bda3c565af0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 581960740ff6da6081765bc5d7e6b6c5
SHA1 5e95e613819bfd5a75ddd11819d3fa931d57bb4f
SHA256 0dffce75fb852b98610752e71093e714e8ec0b9774da4175378db0a1061f00a9
SHA512 59c26a1ed1e7652825cb0d09c06419122116c63a2bfe7145e55b891d964b321723b1076bb2d410512393acb6151c0aab05f94b45e3c6b9be77d663bedd21793f

memory/1752-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:27

Reported

2024-06-13 08:30

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6cc9b72e2d239ecfad911534ba3669b0_NeikiAnalytics.exe"

Signatures

Renames multiple (5287) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\6cc9b72e2d239ecfad911534ba3669b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6cc9b72e2d239ecfad911534ba3669b0_NeikiAnalytics.exe"

Network

Files

memory/4584-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 4c72b47d4ec1a7c319bdcf2cdf1f404d
SHA1 ae7e08268c1668311b10ade38e5088b351ae9b43
SHA256 64a797ccfb30b529ba9e59a18600bf5f5e584cd675e347c0559cc35c97fd7206
SHA512 ee9eb8ac4aa203a5776d647ba0784a7128efe7db813e996d899854a72d6270cb3c65877da4444b67e38e3d99a58186bf32e151ad8d4f38220a9838046fe6e6a2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 37c17d23b4d22f16c7b63889449a7e15
SHA1 978f0447bd9ddb9c2975ef6252419467174cf2d7
SHA256 82b0a1a52883abb3012f2a32b617ddab9788bd3286ce98357293156faf48f515
SHA512 e9587b06aef62335c99dbf1b52b5ffc1e221aa91f6bf1bfc8504bc335c2d08f9cf3d73c846de73130c8aeb786c1a6f93b0aaaea656af820e7960cbb223388b03

memory/4584-1970-0x0000000000400000-0x000000000040B000-memory.dmp