Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-dds4ca1anp
Target cf3e27d1f6c63ec9628e9f39e7ea59b0_NeikiAnalytics.exe
SHA256 db72052e5c15b7db163049869244e2e566c465084dc3d92fe2408832c1ab5db4
Tags upx ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

db72052e5c15b7db163049869244e2e566c465084dc3d92fe2408832c1ab5db4

Threat Level: Likely malicious

The file cf3e27d1f6c63ec9628e9f39e7ea59b0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (4102) files with added filename extension

Renames multiple (5273) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 02:53

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 02:53

Reported

2024-06-16 02:56

Platform

win7-20240508-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf3e27d1f6c63ec9628e9f39e7ea59b0_NeikiAnalytics.exe"

Signatures

Renames multiple (4102) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\cf3e27d1f6c63ec9628e9f39e7ea59b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\cf3e27d1f6c63ec9628e9f39e7ea59b0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1712-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 2a341735def941a9ab5895a9d5fac3c6
SHA1 f67e81c26726791d572b518a9c2db19301dd6a9c
SHA256 be0933dbc406e405b38ff852689a4ad749f7ad148414f7b91c59d4ff693345b4
SHA512 742125dfd7bf00cb953216b27582312f4bab625a810ee331581d7190267f67bffc07ff01c8b3cccec98730176b641bf046f51a6d7e12616bd079e7b88ef3d339

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2f91b8adefeabe0bea8521d9fc635bfe
SHA1 8489ed56a0d22bd365829dc5d032c15888c00462
SHA256 a1365d6c16a7486f70b85f6b0b72e426ec35556bddb95ffcc557d71a4b43a2c8
SHA512 bf16e7cd96e680320cb32b62e5554fc44d74ca95245ca8ab97329ac5ce37e8571bd4bcd7ee6c713cc7d8606b2474909a18f1d54e753aa2c378f8eda961d0eee9

memory/1712-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 02:53

Reported

2024-06-16 02:56

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

54s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf3e27d1f6c63ec9628e9f39e7ea59b0_NeikiAnalytics.exe"

Signatures

Renames multiple (5273) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\cf3e27d1f6c63ec9628e9f39e7ea59b0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\cf3e27d1f6c63ec9628e9f39e7ea59b0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1760-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 b02912b68299fc6ca51fa0332ba8b7d1
SHA1 09adbf4039af76f6e6a0db534a60b499a828aa11
SHA256 e1253e914b6cbdd446089378b2342f6096bf14bea3318ba1ea580efa921d6316
SHA512 ce3058c6b7333b3792b4ee0319e3b50ce518f40edd062d39c923739ceb6aec6ee8175db2163aaf9a5c6edec444ef9670b5bc0c3179e67c3c4e7f98c038b98b67

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 881e39c338121480cb01a34e360a97f0
SHA1 0b698cfb88b24b5bfe71f06ee948c05aeafba714
SHA256 577ba1fa8296b5b029682bafb2c7bf5ac5c861879cc991c76e7b4d59217dc271
SHA512 b677d26ef2f7dee226d2591a1c08e467b2006004fa829c4051203e1c7fe00b6432ad398330f7f18fbf48c644c74d088ff98b653f5c58acb89ec03f2e3df0d323

memory/1760-1180-0x0000000000400000-0x000000000040A000-memory.dmp