Malware Analysis Report

2025-01-03 08:28

Sample ID 240616-2q1kyswckp
Target 173f98a15e64d6e643e32775bbd05730_NeikiAnalytics.exe
SHA256 30fad43345836beddc57bffa0333fbb7b602746fabf34836efc6273043d2c4e9
Tags upx, ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 173f98a15e64d6e643e32775bbd05730_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3645) files with added filename extension

Renames multiple (5293) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-16 22:47

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-16 22:47
Reported 2024-06-16 22:50
Platform win7-20231129-en
Max time kernel 150s
Max time network 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\173f98a15e64d6e643e32775bbd05730_NeikiAnalytics.exe"

Signatures

Renames multiple (3645) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\173f98a15e64d6e643e32775bbd05730_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\173f98a15e64d6e643e32775bbd05730_NeikiAnalytics.exe"

Network

N/A

Files

memory/2216-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 9491ff4188983671759b5e9b6377c73d
SHA1 b435f878a11052eca4e6e87420ab4e7ea5f121bf
SHA256 6b6070935a19afa60bec4485b9718cc609ea85db65e9268a06abfaac3baa9e02
SHA512 d3421a522f3a6686557e35440178871db37fa3385ad7a72c2af7d1a963824882d350a2c7b0352a3189b8b9b754aad6a2f5d8190e7b43763f274edaeaec86547a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f99680497c5f4e57809c65f2756929c1
SHA1 a40e0fd60e77954e572095f348777364048837ac
SHA256 b62c44e56e249a8392b715d2dc74ddfa7f3d65732ba5c9bcab22fa2c7e7f2f2e
SHA512 26ecda19565f24a660ee9168ea7acba34c0685167e66b5e43c4809ff5fe0ba2a16422ebad80a6f1f4f6b6c84727e006ded8c749cd2ca4df1f9058018609e846d

memory/2216-76-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-16 22:47
Reported 2024-06-16 22:50
Platform win10v2004-20240508-en
Max time kernel 150s
Max time network 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\173f98a15e64d6e643e32775bbd05730_NeikiAnalytics.exe"

Signatures

Renames multiple (5293) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\173f98a15e64d6e643e32775bbd05730_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\173f98a15e64d6e643e32775bbd05730_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1580-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp

MD5 ea944257dbaf9f23ddb3c5620d6b59f4
SHA1 a00325738bd0182ff5b0b9bd44a1d9992259aed3
SHA256 80e6ec49ccc1dc17573e2c046528d308ef7b41e33adaa8a1fbfe62b739667060
SHA512 33a27cd5f85bda207b720d24803108b8aa3075b980b89563ce01f0c1156b0c7bef48255e1214daad90027741724b1855ae5828c6af612974462f536e72f1ee37

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 5ac7fcbee9d41914ba2d0f07544611e1
SHA1 f1be3673b89e3c005f1cf32f1f5e442335b5ac90
SHA256 ffc08006937305cf04f9535e841b2fddf449c3a7e242993a9e9f758c43cd402f
SHA512 9cb801ea86becba93d76dc46c7bc1091ebc1111b83f65cca37a053ff7d80909d8954e18b592ce89de0047d068b7f1ed02b6e44b8f1044b551a4b1a95e83b4ca6

memory/1580-1122-0x0000000000400000-0x000000000040A000-memory.dmp