Malware Analysis Report

2024-09-23 04:58

Sample ID 240613-lsgmvsxdrn
Target 71c39fca938148cf0d415bd4f7bc5260_NeikiAnalytics.exe
SHA256 6c5cdb46e6df5982fe0ae32142f1e80b369812c7fb6fdd15236a2e7574ffbcdd
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

6c5cdb46e6df5982fe0ae32142f1e80b369812c7fb6fdd15236a2e7574ffbcdd

Threat Level: Likely malicious

The file 71c39fca938148cf0d415bd4f7bc5260_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3149) files with added filename extension

Renames multiple (4651) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:47

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:47

Reported

2024-06-13 09:50

Platform

win7-20240611-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71c39fca938148cf0d415bd4f7bc5260_NeikiAnalytics.exe"

Signatures

Renames multiple (3149) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\71c39fca938148cf0d415bd4f7bc5260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\71c39fca938148cf0d415bd4f7bc5260_NeikiAnalytics.exe"

Network

N/A

Files

memory/2024-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

MD5 a94a422cad33126f4d0ac3a2cf36b7fe
SHA1 ea4aa805741c126f5e8315f5a76a8f90f184f537
SHA256 f697298fe3f797e2fcb0a6b9576cb929263f6a0f18d705850487d0520fc86058
SHA512 054b993405ee885ace051eb6cfb7a4dca86452b350710a830896378ad959793788b122c8f3f286be1e8d862f9ba707250731a19d83d5f7e8813af5ca2a8fa043

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 36706d776618d32519f7186b0054a9c0
SHA1 0f5b8554425f8281bcfce208b5f89ad1b7252b83
SHA256 385a2d7495da739a4fced401a437c47388b3fc7477c15b053783edc195c64961
SHA512 dec82b89f591116fe4af18c50aa53811cd385fca577919ea58179a3e6d42d32e78d3f8d5e2436a0dc0135e886163bdfaad61dc3c91f56bce3fc0febce8adbddb

memory/2024-388-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:47

Reported

2024-06-13 09:50

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\71c39fca938148cf0d415bd4f7bc5260_NeikiAnalytics.exe"

Signatures

Renames multiple (4651) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\71c39fca938148cf0d415bd4f7bc5260_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\71c39fca938148cf0d415bd4f7bc5260_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

memory/1176-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 94eb2d420390a217897bcad8fce63524
SHA1 bcf3e588cd075358773ade7fad0f4ce78d319135
SHA256 e63cc5918926397a8f83d5c0a18d33ad77e279dcd2c9a34a1d1554fbc9b2e2aa
SHA512 32a6f920e0f0d3b02a5f55a2cd90853fd81426e9a7d438a630ed94c9c78fd0b1b5f7dc4c605fb33bced3618a217191cb04488be32ec66039d93822e64f764fd8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 865b506800559b48781066c5c702b5c0
SHA1 acd21c4761400a026b2825b6773430c4ba947dd8
SHA256 e6a9563121bc632d59cbc233596663a2536f2b914d4b2b0e14de2bf0166b6966
SHA512 aeb858f0d33a7571723eb41701502dbe906bc15203bb3e29cafdbd13b1d75a268364e0abf6e8ab8478f8bf6d083d61376c1f4087e91a4eb69cb64baf73f3959d

memory/1176-1520-0x0000000000400000-0x000000000040B000-memory.dmp