Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-bpjb6stbme
Target c914bd39b5c73c919d576f9d9d31a9d0_NeikiAnalytics.exe
SHA256 46797a7208dea10b685f36eb154dfba37fe2fa91f53159e6e282de7ac940ad66
Tags upx, ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

46797a7208dea10b685f36eb154dfba37fe2fa91f53159e6e282de7ac940ad66

Threat Level: Likely malicious

The file c914bd39b5c73c919d576f9d9d31a9d0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3466) files with added filename extension

Renames multiple (5198) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 01:19

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 01:19

Reported

2024-06-16 01:21

Platform

win7-20240508-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c914bd39b5c73c919d576f9d9d31a9d0_NeikiAnalytics.exe"

Signatures

Renames multiple (3466) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\c914bd39b5c73c919d576f9d9d31a9d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\c914bd39b5c73c919d576f9d9d31a9d0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1964-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 5624ec6940b51e94514b6a71ccc11fa4
SHA1 01b45ce4e8742881a643349bf3c1e63d5c12bf5d
SHA256 70ef433560ab1bef1d2d0ce3e29530d8916450463a99ae040e86605c9e9f311c
SHA512 44e3bd3bab29061d2fa322177ea7410379db51bafc1b9beaeb675fc47a465a10d887c66e169f1647d9a3d7fe5018e7b5cc4c2330b2f88009cc2345652c565e21

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 06cb5fc2f87cdc5dca139674351f935b
SHA1 c6ff796252ea98d55b9713d9ba2ec47ccd3c1b0f
SHA256 ffe9601e1a7a138bef9653905aa5b2b1765e80598c840640c8084c6ca91705ea
SHA512 08c03527f140d142844cf41f005a773fa9b4e83237e2777b5f0a80d750655a0285149a8c0546925f70f1842fd1c165946ce2cd17fb737eb0c086fac75b944dce

memory/1964-654-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 01:19

Reported

2024-06-16 01:21

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c914bd39b5c73c919d576f9d9d31a9d0_NeikiAnalytics.exe"

Signatures

Renames multiple (5198) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Processes

C:\Users\Admin\AppData\Local\Temp\c914bd39b5c73c919d576f9d9d31a9d0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\c914bd39b5c73c919d576f9d9d31a9d0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1328-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 2cdfb920946bbd289fb787d461d4c3eb
SHA1 e7e17bc56310eac2ee1c7f2c8a7ee4749c473c70
SHA256 336fb6e0097d42cbf1ebc880e890586a781e418142b0377bf7e0ab5aa87a5bd6
SHA512 b74fc28ffb2ed70eb7d28d39c2c4c8824a97e442ba95110d127e0810e5aa1add76abba47a761bcdfb89244522cc777460503440af7b88a45deb9e23540c6f815

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f583c9067907de8d16c7278cf4ec2ba7
SHA1 14f16549a0d2629c89170bfe16bedc2cdb88e8a3
SHA256 1f9b4b37f418ffef590d1b56b61d4292e6c637efe34bbab3d2d03c96b247577f
SHA512 914d0d59abbeba073574295143615bba6ae847d99032449aff56a839f7e4e288e51a63c4fed1e745ac00372854c73cc4d02a8f08730b78e8dfcb72c35a717017

memory/1328-1962-0x0000000000400000-0x000000000040B000-memory.dmp