Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-dhw1ssxaqh
Target cfea9f806769b691b72ecdb28cbffc70_NeikiAnalytics.exe
SHA256 d759428b53a9b340630e6dad47046f25ae2ecb39776261f16bb750a104d22c17
Tags upx ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d759428b53a9b340630e6dad47046f25ae2ecb39776261f16bb750a104d22c17

Threat Level: Likely malicious

The file cfea9f806769b691b72ecdb28cbffc70_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3433) files with added filename extension

Renames multiple (5006) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 03:01

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 03:01

Reported

2024-06-16 03:03

Platform

win7-20240220-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cfea9f806769b691b72ecdb28cbffc70_NeikiAnalytics.exe"

Signatures

Renames multiple (3433) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\cfea9f806769b691b72ecdb28cbffc70_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\cfea9f806769b691b72ecdb28cbffc70_NeikiAnalytics.exe"

Network

N/A

Files

memory/2184-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp


C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp


memory/2184-74-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 03:01

Reported

2024-06-16 03:03

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cfea9f806769b691b72ecdb28cbffc70_NeikiAnalytics.exe"

Signatures

Renames multiple (5006) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\cfea9f806769b691b72ecdb28cbffc70_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\cfea9f806769b691b72ecdb28cbffc70_NeikiAnalytics.exe"

Network


Files

memory/4496-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp


C:\Program Files\7-Zip\7-zip.dll.tmp


memory/4496-1026-0x0000000000400000-0x000000000040A000-memory.dmp