Malware Analysis Report

2024-09-23 04:43

Sample ID 240614-c1n78swckl
Target 9b732ce4de9f5137f05c333942a11670_NeikiAnalytics.exe
SHA256 f985a8505961965a67c3df512d7bad88bce7a00c6ae3c19fe96b4887e4baa6c9
Tags upx, ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 9b732ce4de9f5137f05c333942a11670_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3597) files with added filename extension

Renames multiple (5199) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 02:32

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 02:32
Reported 2024-06-14 02:35
Platform win7-20240221-en
Max time kernel 150s
Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b732ce4de9f5137f05c333942a11670_NeikiAnalytics.exe"

Signatures

Renames multiple (3597) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9b732ce4de9f5137f05c333942a11670_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9b732ce4de9f5137f05c333942a11670_NeikiAnalytics.exe"

Network

N/A

Files

memory/2104-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

MD5 2686d9ca7e69826a97eaac8a022fbd63
SHA1 37bc53366d23c753e912b9d84a547191d4a677f9
SHA256 0deb4ad3f1fc3cd0a4ba92a95dd7f71238f273d35b6b49551d84cd6324cfdfd9
SHA512 e3489d0a73471213ef0491b4d1c8ed27fcfac3607154282c621ff17ff68263db9316dd9cc5cb2272af259f5926fc5cab1a5d231c730fbfc375d3cb5964067974

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 14f76c3e0c882790e5f76f68aeb28992
SHA1 d8a5a5d6c5b77fe80113dc948617f08e5c43a0cf
SHA256 04448892176471bcf848d38c623a2c15ec19b636753facbec95544150bda840a
SHA512 736d0e7315c4921e1bc219a8aa1f2dbf6e9f26b9a2d019730ea470b43b06c757c5d0ddcc21ee69ac718a255df1fdb6f1f66880edc4609545581aed11501e735b

memory/2104-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 02:32
Reported 2024-06-14 02:35
Platform win10v2004-20240611-en
Max time kernel 149s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b732ce4de9f5137f05c333942a11670_NeikiAnalytics.exe"

Signatures

Renames multiple (5199) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\9b732ce4de9f5137f05c333942a11670_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9b732ce4de9f5137f05c333942a11670_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp

Files

memory/4108-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 261737ad7a009cf8bc64c5e3f871d834
SHA1 9304604913c527b6811bfd34c97ba9d1f08e5f89
SHA256 3d9c179344bddfb747ad9349ce62ed5a4d50564c82c2294d6b02ec392fd8293b
SHA512 61825771890177ae788d94bb3f57bc71f0740ac3c1262491d120f5d1ed079dc979869ebd2877240eb96e712fcd945363b2b6abd0103cf7e3cb771d76d163a9f3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d8a161f8ccb07771c2bec0f71b0db5cf
SHA1 6f4d87bea87dfc6bd53fe242c4d8535c69ee9bcc
SHA256 bbf3fb208c893db0ecaaf1d232dc1d68abb8e2e0bbc1290f2ea6f1dbf4d7ca86
SHA512 3e1e2c660f95bf071891903f034c0b66e6913d77e335f96c7f6e62608a35fa50aecfe14d119f2e683ef38c5569f9437bae24cf8e0ca610edc1e96f79ff742e1a

memory/4108-1108-0x0000000000400000-0x000000000040A000-memory.dmp