Malware Analysis Report

2024-09-23 04:44

Sample ID 240614-bdpd2syele
Target 957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe
SHA256 3fdbe45b9d81689d2f073d2a60bf923e8391c6be175f235dc447272285bf40bd
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3fdbe45b9d81689d2f073d2a60bf923e8391c6be175f235dc447272285bf40bd

Threat Level: Likely malicious

The file 957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (4905) files with added filename extension

Renames multiple (3439) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:01

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:01

Reported

2024-06-14 01:04

Platform

win7-20240221-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe"

Signatures

Renames multiple (3439) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\de-DE\jnwmon.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\Filters.xml.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libty_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7z.sfx.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\README.txt.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\is.txt.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\NBDoc.DLL.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mp4_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\ja-JP\mpvis.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe"

Network

N/A

Files

memory/2196-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 65f84e6732c6c4720b4e2453ae82feae
SHA1 c2abdc22d60df7a670c12287b59846b65fbac3a4
SHA256 ca892735f5b889fb922a9363a155c6825e2a83f6a33c8f75792f04ee7f551a54
SHA512 133ca06cd9fb8a13faa672194d320829061b047e8a74edda3f286fc04c48c4cca80295af41e3bcf8882ec9328c5b5db7bf77c1e26655e1470b8c3be0bde77978

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 dcdd5a6f5844f96a9a488f0fba11687c
SHA1 558da8df27262388187212d1437cdbe2c727310c
SHA256 865afd4e170f193dabcb32ec16caff4408718bbaed9f34589466b0f811e9bf5b
SHA512 4df6710e032cfe750044cd909532c5b1cb0cb64e0f70cda710a78ef2afb79cafcaa54a6521ea802ee9d451a5dedad6138967b1cf3d985c8ec80073c7422e61d1

memory/2196-542-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:01

Reported

2024-06-14 01:04

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

114s

Command Line

"C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe"

Signatures

Renames multiple (4905) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN107.XML.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MANIFEST.XML.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.FileVersionInfo.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL054.XML.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msotelemetry.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\pa-in.txt.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pl.pak.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\iexplore.exe.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\gu.txt.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN086.XML.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\ir.idl.tmp C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\957b5c7c70d679a944da7cedc610b940_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 10.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/4400-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 25499f40a3d62d3f70af3045037506cb
SHA1 a24db46ec4313f4e9524a0c097eade040847c26c
SHA256 b1910261d6a168a73caa5b4f7ecd6a3b8d54946d817b04bb2298520d82fe9dab
SHA512 3f7cde8a3ac8447aadc363f870db1ce0bb3fd138a29ca0f0b8f1bd479e3d400f01ecb60f946fad6a75f270dc0bcd9618fcc16086b50bf4df08d763b18fb0bfb1

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2b7d5dd1613d4113dc648a25d19f58fb
SHA1 fc854113947fae4680532017838f1058533daf7e
SHA256 fe84532f9463847284ce91f1992e8a62f207b2c8e1844771678bf6bdd35740b1
SHA512 687ab5766534d0c31265ddf2dafecbcf5630df098d08efabc823729df419a42c112a9a65094e8ab9ddde519e3b96afc9ec9f7f0d338741fffd6c530b79c12ed5

memory/4400-1780-0x0000000000400000-0x000000000040B000-memory.dmp