Malware Analysis Report

2024-09-09 20:20

Sample ID 240614-b3eadatgnn
Target 97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe
SHA256 e6f3a9388424070978e0f88d3f235a2126cfbabc61c51d9fd93073b89f537ff5
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

e6f3a9388424070978e0f88d3f235a2126cfbabc61c51d9fd93073b89f537ff5

Threat Level: Likely malicious

The file 97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (2700) files with added filename extension

Renames multiple (4656) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:39

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:39

Reported

2024-06-14 01:42

Platform

win7-20231129-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe"

Signatures

Renames multiple (2700) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ja.txt.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\nb.txt.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ku.txt.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1276-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 ea0fbae5c53bc308c5b8203dd5336cd7
SHA1 66a5267a19a3de88f7fb9683ff61ea03f4500131
SHA256 161f300df236d60ed2ea0e08d6eab63cdc5eac0a57f0cf8f4263cfd16fde5841
SHA512 cab665bb8388ef9357c18225158a75637937686ed12a47cee9d792bfcb625ab1b523a6ade9f6f100753ddeb6070722be2d563f11b7a4037c0d29477dedb10d59

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 e70866f9ff5dc9d98a4b49058b605435
SHA1 76a4e0e2341e96b65e9c94e747bd856c316ce258
SHA256 016ca3d247c8588d5aae6dfbf5b0933d27265ea6e771a7c6ad37cd7ea95c43ea
SHA512 f79b3b4b5cb6c84e2912f4f9cd1eb7b538fc5f9570964b25c433f8dbee4ad1c8b754bc23dad86d8dae9a2bf6bb25a4e91edf055a9159e81b5eb37d6c74bd34a9

memory/1276-352-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:39

Reported

2024-06-14 01:42

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe"

Signatures

Renames multiple (4656) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ba.txt.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.password.template.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Annotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceModel.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\MEIPreload\preloaded_data.pb.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ko.txt.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClientSideProviders.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Brotli.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\97d84c8d8a91f9a4f9d4ced14e55daa0_NeikiAnalytics.exe"

Network

Files

memory/4724-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 93a89766e41d4648359c32dbeb47a00f
SHA1 9d87793180225231c28c33643d7913e8b52c1559
SHA256 f2f04ce1ca84d4c6bf04ca96c6578dbfd4631aa10f63e3feb19dc3f46e4d0234
SHA512 43176ad3bc46092d3f8a246e9edbe39a277f55ad54280ac7905536a282a089d11c962c7097becb8262fd5a08ddb0d58719153bf7e14458ad7b58921f753b4dad

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 52350f8be91fe82e5199f5e101104ab9
SHA1 52c0c5c0d51bb5a093eea0a87421f161b12984a9
SHA256 2a9a2308e3ac57d9327b508c90ef8db5710faee96fcaae277fade48ca21d7eb7
SHA512 4c4d098b65dd90f551120bb097b21a47f8ba5c48238535b93b88ff07ac799f50f2c1055509f6135668b49c135b2f66ad260c09f8525c9c326620ca5f77aad064

memory/4724-1612-0x0000000000400000-0x000000000040B000-memory.dmp