Malware Analysis Report

2024-09-23 04:43

Sample ID: 240614-bqy41stbqk
Target: 969350891583424e0b98d26cafdb2180_NeikiAnalytics.exe
SHA256: d5ef0b312125df0012609f2950a23197a9da9bd12e7a0446568c9d5eff38f96a
Tags: upx, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256: d5ef0b312125df0012609f2950a23197a9da9bd12e7a0446568c9d5eff38f96a

Threat Level: Likely malicious

The file 969350891583424e0b98d26cafdb2180_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3511) files with added filename extension

Renames multiple (4980) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-14 01:21

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 01:21
Reported: 2024-06-14 01:24
Platform: win7-20240611-en
Max time kernel: 149s
Max time network: 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\969350891583424e0b98d26cafdb2180_NeikiAnalytics.exe"

Signatures

Renames multiple (3511) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\969350891583424e0b98d26cafdb2180_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\969350891583424e0b98d26cafdb2180_NeikiAnalytics.exe"

Network

N/A

Files

memory/2024-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

MD5 0c42b70bbf7d6f1cff41964aecbd908b
SHA1 00e3d302bcc673853836f95e94fbcfe9119e1d79
SHA256 9812564c732fd7276d54f8acc9e6346c7e5d359f92a378d205d3168dc98fbbf8
SHA512 f8dc4aacf62978083b63b15a9dfd8c5e1e3913bfe720fab3de85c297ef333761eb4ea6835a4b14ef699e8bf2b84971094bd6b025fae0cee0a2e4f6e1ce57b835

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d018baabb0c782bd7f4dbc5756914dbc
SHA1 de299e3e4cb0fcdce5074c4a4ea4ed6bd658003f
SHA256 c6111d715be5271a3013290055d3400599dd1670bf1b5f23c8ca70bb5440d4c2
SHA512 df0cec416d534cea99ed84b2fb85342b1a4859a9b887f2963a07152b27b8c4459837cd84ec59911c0a748fbfca03857386ef31beb8f42f787425c66633240aa4

memory/2024-74-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-14 01:21
Reported: 2024-06-14 01:24
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\969350891583424e0b98d26cafdb2180_NeikiAnalytics.exe"

Signatures

Renames multiple (4980) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\969350891583424e0b98d26cafdb2180_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\969350891583424e0b98d26cafdb2180_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 89.43.201.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

memory/2392-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 735e2faa99c04513888255515847bd9c
SHA1 d3ef6029ffc6ef89e93db6f7c480ef41dbc487a9
SHA256 aa75b96256321bca45127b86b9b2ffda5f1080d9a1ea0de9835102bfd16a9708
SHA512 80cd73d107136140dcdbfeebebbe1c3404bdb8d53dc4b3cd543c3f3bdd5be04ca5cdc08dbfae295dcf34eb05f34ae0ee9a5f0f19cb8220e3f7147a5aa9e59b34

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8cc95c6aedbb126c77a90416f88660fe
SHA1 b9da4e3001f3aaf4d5b6debf47855569d3879290
SHA256 34dbdd219b52b2c8777541849dfb94877a7efe0240e88955db0eeaacb52b00df
SHA512 53aeb4416ab49be909ec53f715956381b7d18bd2758439d818f3223eca73cb324bbfdc78f6f987930e23e6c2ecad57938159c84268a14723d1088f93ff5f4fb4

memory/2392-1104-0x0000000000400000-0x000000000040A000-memory.dmp