Malware Analysis Report

2024-09-23 04:36

Sample ID 240614-cntxysvhkj
Target 9a5501bbb4d24b9f3dc3b206f3cf94f0_NeikiAnalytics.exe
SHA256 2efb2e5e5752b5a7f09f45d7d3936546e1cf65c478bd402a801dc1b1275ef6dc
Tags upx, ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 2efb2e5e5752b5a7f09f45d7d3936546e1cf65c478bd402a801dc1b1275ef6dc

Threat Level: Likely malicious

The file 9a5501bbb4d24b9f3dc3b206f3cf94f0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3744) files with added filename extension

Renames multiple (5191) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-14 02:13

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-14 02:13
Reported 2024-06-14 02:16
Platform win7-20240508-en
Max time kernel 150s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a5501bbb4d24b9f3dc3b206f3cf94f0_NeikiAnalytics.exe"

Signatures

Renames multiple (3744) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9a5501bbb4d24b9f3dc3b206f3cf94f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9a5501bbb4d24b9f3dc3b206f3cf94f0_NeikiAnalytics.exe"

Network

N/A

Files

memory/3016-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 2f87c07635e20f54d28c0ba96a3827aa
SHA1 9b491254c80da4962f6778bb78fe7c7d0a6c40b5
SHA256 b09deb84bb17caab11075bc1b58508d257d1bce526b014a6150f15bb3d7e933a
SHA512 2507f85692606ba8dfeee608877fc1ed6b4c131aa988a93a5f0dbfc2ad365b3a36cabd0e5c56bfd4468cf336eb0e57e486fd643711d8585bba3492a9256191a2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6092d020dd2dd731e1e578dbb4574177
SHA1 cded58179873393c729ccc523d1ea5d35b6ed3c3
SHA256 3979fc23ed653c2a1f5f5f9338c5e1638d5014b174715ba1830946ab41a52fcf
SHA512 746db267a47157880cefa7d2018222f704fdf0766411014087e3e370e4fc5000a6a0444132adb3273bd486cfbd76ca8f65eb835eab69d10570e0ce0d3fe1d351

memory/3016-662-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-14 02:13
Reported 2024-06-14 02:16
Platform win10v2004-20240508-en
Max time kernel 149s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9a5501bbb4d24b9f3dc3b206f3cf94f0_NeikiAnalytics.exe"

Signatures

Renames multiple (5191) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\9a5501bbb4d24b9f3dc3b206f3cf94f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9a5501bbb4d24b9f3dc3b206f3cf94f0_NeikiAnalytics.exe"

Network

Files

memory/4536-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 30d768d1b51a27875f02843fc52d20eb
SHA1 89aca61558a8d3483513c3b3c16d97f04311ddb6
SHA256 2167ccb9f53e9d90b75f1e2091093bb2429009b15874ad0c8ae886cf4df3584f
SHA512 a3a422376e65219fbd4aa5d1906d57ce62a35e579f9773aa2deca5005959dac5c87a703d6631bbcbee745a4c4b04687a314287c7cab930bc4ce17399836553f4

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 82141e3d419d8432e1bdb4f7f06ce18b
SHA1 d112104bdb2bbf260a4b8fc4a05c73a66be821b1
SHA256 15ec9286726be104164a0ff632d4b519f624802ac3bcd5bcb30af28546c4e502
SHA512 76e5a2bcd31e8df44e5b4af31a68fbf4eec8b226e0164ddc78e49cc938260a14c58091a5aba616db717989d3bd56b8b540e6666b4ff12a7df9d1055c8eba988a

memory/4536-1904-0x0000000000400000-0x000000000040B000-memory.dmp