Malware Analysis Report

2024-09-09 20:23

Sample ID 240614-dse52axbmq
Target 9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe
SHA256 222568e7f49c8ee85a7976da7d2d410fe892b9c446fffd0e6aca626a1b8d7cff
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

222568e7f49c8ee85a7976da7d2d410fe892b9c446fffd0e6aca626a1b8d7cff

Threat Level: Likely malicious

The file 9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (1148) files with added filename extension

Renames multiple (2704) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 03:16

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 03:16

Reported

2024-06-14 03:18

Platform

win7-20240220-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe"

Signatures

Renames multiple (2704) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\libxslt.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\javaws.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe"

Network

N/A

Files

memory/2036-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 c0cd3d914a96bb52284d318aa09d3f28
SHA1 e3561190c6f0ce6ca586962ea95ae8de3dc827f6
SHA256 6999857a6812fff01a54cd93a1b1a9fe8823fb068d9229356bf54d63c05dc333
SHA512 5ee897c10991b07f2493cea0fae5da73b7120b401f430fd726987723342ae18dc00884e47c610c81f69e438d0c49aaf6a8cacb1c235c2b2d214494015056c657

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f77fb9a7fce3ead5a30f393503703eee
SHA1 b3b295b55a2e167a71fffd9cdd57ee38fb51c2b0
SHA256 4f86cd57d848b0e0a325f59b71751f3bef2bf10f004763ad6ef61a5131d66dcb
SHA512 63dc9e2c340c47c50280df3e9effd7b1c3f17971a7cac4b08da04edd9bc12ba47eebbdae10970ff36540f50b98a477448ee8b9a39c35f1b9409f2d55bf3c7724

memory/2036-396-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 03:16

Reported

2024-06-14 03:18

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe"

Signatures

Renames multiple (1148) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.Win32.SystemEvents.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Channels.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Http.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.CoreLib.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\descript.ion.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.TraceSource.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Http.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado27.tlb.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.CodePages.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\DismountConvertTo.aifc.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.DataAnnotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\7zG.exe.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Globalization.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9df4ddb426e4ecfb95da361947f7a050_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2220 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
GB 142.250.187.202:443 tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp

Files

memory/2948-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 b16918009d39afe8404a219717b7c594
SHA1 62b9929ace80f6196e58964922987c2a8b3e9731
SHA256 135a5e194da7da808eb5c1514512299b52760445f1a43aabd82dfb2aa5463802
SHA512 2acd3b8d8ab979fdcabc2ef5103ffbe14dde79fe2326c096728680ce739d00b72fc36beda91460d8519cbbe1636db680efb0608383792f8101fb8bf6260adcf9

C:\libsmartscreen.dll.tmp

MD5 638ec29a641c81fec4770ef10b4c3251
SHA1 11b11961ccd7ce6fc7be18d6f68fa5723425b202
SHA256 def47148b6da6b8192824b1602f97c0f0d32bc70868c0d8a5a124ec3c8f49c74
SHA512 46a8219ab6583c597f3beef1bb2a0b24b5b74e9ccf383c750410c54c4ff57255bdea145ac95a9ea6c41afa44ca3b35e7a3ba0fbfebac860b9a8bd4e632af2fef

memory/2948-308-0x0000000000400000-0x000000000040B000-memory.dmp