Malware Analysis Report

2024-09-09 20:23

Sample ID 240614-dzsppstcqh
Target 9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe
SHA256 26c2c8589d6bf396f677486e03806b65ff6daabdd9e66f091c14e3f69d3f867e
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

26c2c8589d6bf396f677486e03806b65ff6daabdd9e66f091c14e3f69d3f867e

Threat Level: Likely malicious

The file 9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3657) files with added filename extension

Renames multiple (5240) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 03:27

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 03:27

Reported

2024-06-14 03:29

Platform

win7-20240220-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe"

Signatures

Renames multiple (3657) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\SecretST.TTF.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows NT\TableTextService\es-ES\TableTextService.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ext.txt.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\vdk150.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\settings.html.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\gu.txt.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\de-DE\Sidebar.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe"

Network

N/A

Files

memory/2000-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 ee45c93e3ac831dd39dadb2e97216b9c
SHA1 40d125866e96058704e59a3808960f2a81d9d27b
SHA256 d05041ae84caaffb5290f17200d9ca929a05ecf6b03370d9c7a6b0f1504e09e5
SHA512 e73c491c085aa90351895d35b9ab7e2a4383460a3506ee641ca398df09a560834f65e77512bf2bc4f7368351e4942594a405c6c2d66f7d8c419481086d4d1445

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 08b8235def6a0047a86f6d3c5aca7b16
SHA1 7c7e40b61d81cfaba3caf79f533722c3ff762e1e
SHA256 c768868cc1c5bf1a9bcd65f141e87e2136430036e150fb1fdbc80b4ad145203d
SHA512 1d55c1281e9f56845dca8e74c30b1978103ced300dc6110999d6d87a5b6ecbdfcb7dee2e7c5823db267410a0ecbf350f7c223ff9c01ab7021b6e15ebbbc7dafa

memory/2000-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 03:27

Reported

2024-06-14 03:29

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe"

Signatures

Renames multiple (5240) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_100_percent.pak.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.AdHoc.Shell.Bootstrapper.xap.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\bn.txt.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART14.BDR.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusDemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-environment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.White.png.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\te.pak.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.Win32.Registry.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Core.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\af.pak.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CENTURY.TTF.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\hr.pak.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\9e9b6361d288eb8dca07a44f22428c10_NeikiAnalytics.exe"

Network

Files

memory/5028-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 b5e2ad663593dff78dba06819886dcf6
SHA1 271426b8389649ed00a99da616ba4f00285f8200
SHA256 63787a97a17eec4f4cd63552e2754ce3fb05c10c4c61a59e6c605a8be0718e24
SHA512 def7040386401a8a7b82af28c1c7b4e9fab025dcea380b33d2720c982f1feaa41d412320c20d83d371df29f731ad5f97acc7be8c935566a2ea16c8906d3a19e3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2be7cd11ce7d5fa1c47eb522bc74b4aa
SHA1 a52ce209ce7a5b0cb65c78816f0f59b6eac05c64
SHA256 0b6b01fa719382ab51d092f6b17d35f011c7ea954d408516afed8a413bff2909
SHA512 d3de87575d3f1afe4c28f7a7cac17bd63a13355c1c991aa704601dcd4f671fb5ca1ddf46ae384b2d9a45d14870cff0681a0fcd48fbe6f8f5f1abe34339248ecd

memory/5028-1193-0x0000000000400000-0x000000000040A000-memory.dmp