Malware Analysis Report

2024-09-23 05:01

Sample ID 240613-kw28aswbmk
Target 6e9ccf445af62a7ed7c08764a9eafdb0_NeikiAnalytics.exe
SHA256 b03125de0a9ce81c3d76d175552b7859a53f72d8fc8b16513722868384078d4a
Tags: ransomware, upx
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 6e9ccf445af62a7ed7c08764a9eafdb0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (3854) files with added filename extension

Renames multiple (5347) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:57

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:57

Reported

2024-06-13 09:00

Platform

win7-20240508-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e9ccf445af62a7ed7c08764a9eafdb0_NeikiAnalytics.exe"

Signatures

Renames multiple (3854) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\6e9ccf445af62a7ed7c08764a9eafdb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6e9ccf445af62a7ed7c08764a9eafdb0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1484-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 28ed2066e8b3d28b449db17fdfba2ccb
SHA1 1c087135699137fb1e1eac4141d47933892aafde
SHA256 7aa05900a5f11b6694d91e39c261ce0f3edc125e05348ca23bbbad575b8a427d
SHA512 fe1332911e104fe8d3114ad691182a09b0571f398f897b651f35142a31ebf19561172304c86df1cbad0d8334de13606c40f311c25d2d7b6b26be87eed2e41525

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 918beab9ca8c7f6ac7edd1c9bcf548f1
SHA1 8953dfda9f86018283c452e8b3f1575911c36e77
SHA256 7ebf374d9f321d8ecf48cc7f573312ebaa4ac81df12be77fc218102d7e694454
SHA512 16339a396e900e76a79809fc46ba521aed00070c6b6ee5974226054c9eb2057cd0cc932cc69c5d7834e6438ea52f2c4271216840745adda770559751e4f26b58

memory/1484-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:57

Reported

2024-06-13 09:00

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6e9ccf445af62a7ed7c08764a9eafdb0_NeikiAnalytics.exe"

Signatures

Renames multiple (5347) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\6e9ccf445af62a7ed7c08764a9eafdb0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\6e9ccf445af62a7ed7c08764a9eafdb0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 52.111.229.43:443 tcp

Files

memory/3412-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 847773014fc2e4662bb7cb513575d282
SHA1 58459f9d02c9f7308f12670881926b23d59596ef
SHA256 4315fcc365fc6b215d7dde4a35121b8dbf4b054fd1c1db4e1689164cce030dbe
SHA512 3b2e48778bc888b2385cab1cdb30f172893036232bf016466524139d829fed1b17189fbc2c0b618f772fc8154919972ccf89d28d5b4d9a1f836dd40f04e58623

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ae1cced5da2d2567fd03f4fdedc04fb3
SHA1 e6a3c04ab0900305915b759636b986405aee31f0
SHA256 42af3080e04adeea82b0ffe6064b5d6a58d0e512a6f8928da918efff6d769cf5
SHA512 327817b2e793e56e603e09969464a72d1f05f21d54b97c5996a69c2f5ac695b8c19ccc820131949db4d263ee66dae50d9fc35b7bd37a93d2b000dfac9289bbeb

memory/3412-1214-0x0000000000400000-0x000000000040A000-memory.dmp