Malware Analysis Report

2024-09-09 20:20

Sample ID 240614-b65xha1ajg
Target 986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe
SHA256 b61f6e14065f13bacdbc94b0a7a9ef9054281fac98203359bf20820408bf4078
Tags: upx, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256

b61f6e14065f13bacdbc94b0a7a9ef9054281fac98203359bf20820408bf4078

Threat Level: Likely malicious

The file 986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, ransomware

Renames multiple (3453) files with added filename extension (behavioral1, win7-20240221-en)

Renames multiple (5103) files with added filename extension (behavioral2, win10v2004-20240611-en)

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:46

Signatures

UPX packed file

Tag: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
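The two static signatures above ("UPX packed file", "Unsigned PE") can be reproduced with a few header reads, so here is an added example of that check; it is not the sandbox's own code. It parses the PE headers without third-party libraries, lists the section names, reads ImageBase and SizeOfImage, and tests whether the Authenticode security directory is empty. The PE it inspects is constructed in memory (it is not the analysed sample); its ImageBase and SizeOfImage are set to 0x400000 and 0xB000 to match the memory dump ranges reported in the behavioral sections below.

```python
"""Static triage checks: hand-parse a PE, recover section names, ImageBase,
SizeOfImage and the security directory, then report the report's two static
signatures. The sample PE built at the bottom is constructed, not the real file."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def parse_pe(data: bytes) -> dict:
    """Return sections, ImageBase, SizeOfImage and (RVA, size) of the security
    directory. Raises ValueError on malformed input instead of guessing."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, n_sections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: 32-bit ImageBase at +28, directories at +96
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        dd = opt + 96
    elif magic == 0x20B:      # PE32+: 64-bit ImageBase at +24, directories at +112
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        dd = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    n_dirs = struct.unpack_from("<I", data, dd - 4)[0]   # NumberOfRvaAndSizes
    security = (0, 0)
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sec = opt + opt_size                                  # section table follows the optional header
    for i in range(n_sections):
        name = data[sec + 40 * i: sec + 40 * i + 8].split(b"\0", 1)[0]
        sections.append(name.decode("latin-1"))
    return {"sections": sections, "image_base": image_base,
            "size_of_image": size_of_image, "security": tuple(security)}


def is_upx_packed(data: bytes, info: dict) -> bool:
    """Stock UPX leaves UPX0/UPX1 section names and a 'UPX!' marker after the
    section table. Both are trivially stripped by a modified packer, so this is
    a hint; section entropy is the usual follow-up check."""
    return any(s.startswith("UPX") for s in info["sections"]) or b"UPX!" in data


def is_signed(info: dict) -> bool:
    """Zero-sized security directory: no embedded Authenticode signature."""
    return info["security"][1] > 0


def triage(data: bytes) -> list:
    """Return the static signature names that fire, in the report's wording."""
    info = parse_pe(data)
    hits = []
    if is_upx_packed(data, info):
        hits.append("UPX packed file")
    if not is_signed(info):
        hits.append("Unsigned PE")
    return hits


def build_sample_pe(upx: bool, signed: bool) -> bytes:
    """Construct a minimal PE32 header in memory (no code, constructed for the demo).
    ImageBase/SizeOfImage mirror the report's 0x400000-0x40B000 dump range."""
    names = ["UPX0", "UPX1", ".rsrc"] if upx else [".text", ".rdata", ".data"]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew
    opt = bytearray(96 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)            # ImageBase
    struct.pack_into("<I", opt, 56, 0xB000)              # SizeOfImage
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    if signed:                                           # fake a non-empty certificate table
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4000, 0x800)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in names)
    marker = b"UPX!" + bytes(28) if upx else b""
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + marker


if __name__ == "__main__":
    for upx, signed in ((True, False), (False, True)):
        print("upx=%s signed=%s -> %s" % (upx, signed, triage(build_sample_pe(upx, signed))))
```

On a real sample, read the file bytes and call `triage()`; an exception means the header itself is damaged, which is worth recording before any detonation. A non-empty security directory only says a signature blob is present, not that it validates; chain validation needs the platform's Authenticode verifier.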

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:46

Reported

2024-06-14 01:48

Platform

win7-20240221-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe"

Signatures

Renames multiple (3453) files with added filename extension

Tag: ransomware

UPX packed file

Tag: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\lib\plugin.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Portable Devices\sqmapi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_cycle_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\7-Zip\Lang\az.txt.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Journal\de-DE\NBMapTIP.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Mozilla Firefox\default-browser-agent.exe.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Mail\de-DE\msoeres.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\bin\ktab.exe.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\MergeConfirm.mhtml.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libty_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 fb8e3b2a1138457cd3b9167581add297
SHA1 064eb82044d4eb0f6f9a15d374e750cb6dd6851c
SHA256 8b6483f6aa5596b0532cdc78eda167be158ad4e7520e7c4e9b28a8669d75959e
SHA512 97a2895ed5a12835cc01158825bfdf2acd2ba2b1e1ed34bb1b1ec8c91958eafafb780b23a9f09684a30751a2de2fe3fd897244fff82e28a4dde7b55ef446c180

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 cc6127ad43cd024354a17c0b96293e90
SHA1 e80fdec6e49501ea7f0e41d578b6433c3784bfb3
SHA256 6937a30f240956d0e62518e89ac0a5676f9e3dbfc2c88bda4bd4095f6dbd94b2
SHA512 8db5e7fedd7c2f9cb58e258cff00068a16724287c33f05f8b88f8dc251011cf6daf6e96683bbc939758a0e3c93af4ece199e9d7b7f62e40f07a677bf64e2b6de

memory/2220-646-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:46

Reported

2024-06-14 01:48

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe"

Signatures

Renames multiple (5103) files with added filename extension

Tag: ransomware

UPX packed file

Tag: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\rsod\proofing.msi.16.en-us.tree.dat.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ext.txt.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msado26.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Resources.pri.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\PROOF\LTSHYPH_ES.LEX.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\kinit.exe.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Cng.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicudt58_64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\7-Zip\Lang\fi.txt.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.ResourceManager.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-time-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.boot.tree.dat.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Overlapped.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\cmm\CIEXYZ.pf.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe | N/A
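Both "Drops file in Program Files directory" tables (behavioral1 and behavioral2) show the same pattern behind the "Renames multiple (N) files with added filename extension" signatures: one process writing `<existing file>.tmp` beside thousands of unrelated files of every type. The following is an added example of how that signature can be derived from such rows; it is not the sandbox's own rule. The parser targets the flat "File created <path> <process> N/A" row layout of this report (it relies on the process column containing no spaces, which holds here). The first nine sample rows are copied from the behavioral1 table; the last row is a constructed control with a hypothetical `setup_example.exe`. The thresholds are assumptions, not the sandbox's values.

```python
"""Mass-rename heuristic over sandbox file-event rows (added example).
Groups events by (process, added extension) and flags groups that touch many
files of several original types, which is what an encryptor walking the disk
looks like and what a single installer writing its own .tmp does not."""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# Format assumption for this report: the process column has no spaces, so the
# row splits cleanly by anchoring on a drive-letter path ending in .exe.
ROW = re.compile(
    r"^(?P<action>File created|File opened for modification|File renamed)\s+"
    r"(?P<target>.+?)\s+(?P<process>[A-Za-z]:\\\S+\.exe)\s+(?P<extra>\S+)$")


@dataclass
class FileEvent:
    action: str
    target: str
    process: str


def parse_rows(rows):
    """Parse flat table rows; rows that do not match are skipped, never guessed."""
    events = []
    for row in rows:
        m = ROW.match(row.strip())
        if m:
            events.append(FileEvent(m["action"], m["target"], m["process"]))
    return events


def split_added_extension(path):
    """'...\\plugin.jar.tmp' -> ('.jar', '.tmp'); '...\\Beulah.tmp' -> ('', '.tmp').
    ntpath handles backslashes on any host and ignores dots in directory names."""
    stem, added = ntpath.splitext(path)
    return ntpath.splitext(stem)[1].lower(), added.lower()


def find_mass_renames(events, min_files=100, min_orig_exts=3):
    """Return one finding per (process, added extension) group over the thresholds.
    The defaults are assumed values, chosen to ignore ordinary installers."""
    groups = defaultdict(lambda: {"count": 0, "orig_exts": set(), "dirs": set()})
    for ev in events:
        orig, added = split_added_extension(ev.target)
        if not added:
            continue
        g = groups[(ev.process, added)]
        g["count"] += 1
        if orig:
            g["orig_exts"].add(orig)
        g["dirs"].add(ntpath.dirname(ev.target).lower())
    findings = []
    for (proc, added), g in sorted(groups.items()):
        if g["count"] >= min_files and len(g["orig_exts"]) >= min_orig_exts:
            findings.append({"process": proc, "added_ext": added, "count": g["count"],
                             "orig_exts": sorted(g["orig_exts"]), "dirs": len(g["dirs"])})
    return findings


def describe(f):
    """Render a finding in the report's own signature wording."""
    return "Renames multiple (%d) files with added filename extension %s (%s, %d directories)" % (
        f["count"], f["added_ext"], ntpath.basename(f["process"]), f["dirs"])


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe"
SAMPLE_ROWS = [  # nine rows taken from the behavioral1 table in this report
    r"File created C:\Program Files\Java\jre7\lib\plugin.jar.tmp " + SAMPLE + " N/A",
    r"File created C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp " + SAMPLE + " N/A",
    r"File created C:\Program Files\7-Zip\Lang\az.txt.tmp " + SAMPLE + " N/A",
    r"File created C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp " + SAMPLE + " N/A",
    r"File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp " + SAMPLE + " N/A",
    r"File created C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp " + SAMPLE + " N/A",
    r"File created C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp " + SAMPLE + " N/A",
    r"File created C:\Program Files\MergeConfirm.mhtml.tmp " + SAMPLE + " N/A",
    r"File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp " + SAMPLE + " N/A",
    # constructed control row: a hypothetical installer writing one .tmp in its own folder
    r"File created C:\Program Files\7-Zip\7z.dll.tmp C:\Users\Admin\AppData\Local\Temp\setup_example.exe N/A",
]

if __name__ == "__main__":
    for f in find_mass_renames(parse_rows(SAMPLE_ROWS), min_files=5):
        print(describe(f))
```

With the report's full tables as input, the same grouping attributes every `.tmp` to the one sample process and spans dozens of original extensions and directories, which is why the sandbox counts them as renames rather than as an installer's scratch files. Keep the original-extension and directory spread in the finding: a count alone also fires on legitimate bulk installers.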

Processes

C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\986a1f5e04da3a2093e9a75cbe92a4e0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1296,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | g.bing.com | udp
US | 204.79.197.237:443 | g.bing.com | tcp
NL | 23.62.61.97:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 17.14.97.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp

Files

C:\$Recycle.Bin\S-1-5-21-3665033694-1447845302-680750983-1000\desktop.ini.tmp

MD5 5005fa16ebeacad3088370794c8e14c2
SHA1 ecf5508c177528e03cd4293e2b8767e4f6303f01
SHA256 82338f7ed136f4798bcc1905ff73551fda69b64a41659dd3884dfc861a40c4ae
SHA512 4ac18d07269634fd46ea65ca7922cc9d5643f7ee61b0d9592d2f1fca551065a8399b8407c2c28b16414b4441afe592b104ba6413cabeb710cdf457d04d7e740a

memory/3772-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 2a3d730b8df08fb117c65157d929fac7
SHA1 3199a38f13e6ce88e869f376bc5156618d809a1b
SHA256 b1b8bc743b517dc3ad06b3f056898d2dd607ec4bdfc32dca1f5019c326b337ab
SHA512 04cf135ccd7083937a55dbd299c3ad047521bc559be106dc59f71e8259a7f73119fac059b0663c4df8aad2216c289a8bd77f50606dab32969f57b9d4c33f9fa1

memory/3772-1910-0x0000000000400000-0x000000000040B000-memory.dmp