Malware Analysis Report

2024-09-23 04:31

Sample ID 240614-ex772syern
Target a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe
SHA256 badb5f9b6d027fc3a25c0d7ccfafd11eb73154614717f1eb265d6c2e860827dc
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

badb5f9b6d027fc3a25c0d7ccfafd11eb73154614717f1eb265d6c2e860827dc

Threat Level: Likely malicious

The file a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3761) files with added filename extension

Renames multiple (5235) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 04:20

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 04:20

Reported

2024-06-14 04:22

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe"

Signatures

Renames multiple (3761) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Media Player\wmplayer.exe.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadco.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\calendar.css.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadce.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\service.js.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\descript.ion.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\security\cacerts.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe"

Network

N/A

Files

memory/2548-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 718e17a45734eb464336f122379d54e9
SHA1 6c279f7de47b8950990f2eb1b81bf0f58b53b663
SHA256 c7565bb7f938a436ab49b69814d38fb0a54d4c3af880f202ccb263e735f61707
SHA512 d172315362c364dab85e568ae6fb7056b606ddee92369893b2bc761eaad9f59e9eaee66d268dbd766772b5c6ab53fa231d8e4a672c1e2bd6361d7c6854c2c36a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ed2b621ad79b3744db4a064f7c1ce000
SHA1 0b6c43cf3548e9a2e127ece1d5ec3ce01a40b095
SHA256 ab568c3821fe61f50af0a498e41d4d80b9b4d2fa447eec113d319ed8bebfbb88
SHA512 331b130e9b6940c4b141a3029d6e4470bb09e1a020ed14a98aa409162ac49c4752d4f5232a5d4ebda79a9e1eb5bb6beb3dc1e01377223ab4f6712bc2a5ea5106

memory/2548-654-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 04:20

Reported

2024-06-14 04:22

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe"

Signatures

Renames multiple (5235) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000050\FA000000050.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\GrantBlock.zip.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SLINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Claims.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\StoreLogo.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PG_INDEX.XML.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.NonGeneric.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\santuario.md.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ktab.exe.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\a1b200d420ea0e0720cc99fa123a6e40_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1272-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 6f819bbb7dcb2da2d8ebd3bc3e6ba7de
SHA1 32d953b00a486537ec587298e36d270701a335cb
SHA256 6d73fd4eaf710c0748bb3c69a27dd836bf54e2078f6b71573381986be2368a23
SHA512 483e87b7b81fee9e7858370a6a9c6276bd42b522518e9d096f6898a18ce267464cea672b6594c8d7515e729675977538ffdccacbf9772e14bfa86b34be80d372

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 226fba38d23035525cf8e375c079cf79
SHA1 512b2a6729da7314758bd4d91de457df838d74e9
SHA256 7393c99e0c2ebf7b9fea5513e6de7bc86a6fe0f73ef24f1fdb34e568c3b4abcf
SHA512 b8800b72309073547bfcbdb5836b27cbc88c6d59d52e7751fbb50ce1da6286d1ed63a8644ad9a17590eb4248cce727fba0d674d912e9e582af48628ac5c4fba0

memory/1272-1952-0x0000000000400000-0x000000000040B000-memory.dmp