Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-dnnava1dpl
Target d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe
SHA256 738d0d9c00849118a506d7fdb8723329b7d7c8b06281e20bf9ed94137d26b2b1
Tags
ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

738d0d9c00849118a506d7fdb8723329b7d7c8b06281e20bf9ed94137d26b2b1

Threat Level: Likely malicious

The file d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware upx

Renames multiple (5036) files with added filename extension

Renames multiple (3741) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 03:09

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 03:09

Reported

2024-06-16 03:11

Platform

win7-20240508-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe"

Signatures

Renames multiple (3741) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_es_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\digest.s.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\InkSeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\nn.txt.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\adojavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Defender\MpCmdRun.exe.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\weather.css.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.CMP.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2252-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 1fa4a1b4ffd86fa104980e7753834971
SHA1 bd710fbb690b7a28abfbe5d3c24ccc7572e4c9d9
SHA256 7fb9ec44fada0f850ecb5cfa51fbd2329f9888f4d5c3985e912db121c10d1e3d
SHA512 73e0fb114c175d198941a6407d51f21e4f7efa8a79663633b7863160be1610daebaf22e3041fadd32c238e004499494b5dd384f6248884e9c089ad3a97ea7ba3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 59df0f420553c895f2565baa869d9a91
SHA1 f704e7fd21ec2f34d5955e81c091922fe3cd6550
SHA256 9c60a9e4d3c262cae2235f347f4e2145b197b8d70dd114a3c88f23ce4449536a
SHA512 342c239a72cf5eea123b8c00fe875e56623954c17ff5f2eea60713484723ebec5e93505f4adf025a45c3a5c2db79344ae3ad2af68d99a13fae6ab223e3df8963

memory/2252-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 03:09

Reported

2024-06-16 03:12

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe"

Signatures

Renames multiple (5036) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Aero2.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryDashboard.xltx.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN054.XML.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\javafx-src.zip.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN114.XML.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sq.txt.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\el\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\Office.Runtime.js.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\AdeModule.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\gl.txt.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d061593923c8cbdb33cbf4e795d1c9c0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
BE 88.221.83.187:443 www.bing.com tcp
US 8.8.8.8:53 187.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

memory/3628-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 812784d48a74672523a6dddfbd3cf86a
SHA1 07859b54ee3b127b99b862a933cca561109050e8
SHA256 ab725df119138eff20d44675c94b4a985ab1cb3a105baa27bc35489e9c383038
SHA512 92a5e5a4ebae88fd20ce55e724ead03051298ae54695490a975d1d05292b0fea305df22ebf0415543e11914cb1864f6b4546bcb261f186de2f7333c4fdcfe8c3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 928b6546fbc1fc63db309cb44fea825d
SHA1 3b87a4a528da008db3bbfc6a76f4b8a19de44574
SHA256 9a5ed6d603289e69a66782f389d2fec67857122c81597ba26daa212963822f49
SHA512 47456806dc72535833b17cb7a52710688169540177370afd493cf0a679723c7e2c8f89a228aeb26276ddab40fc1c7af4070771959135a52fa4482b800f6f51cf

memory/3628-1096-0x0000000000400000-0x000000000040A000-memory.dmp