Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-fqxy6svcmr
Target d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe
SHA256 7b6f6139177eb52725c8aa6c789db560f9281f38f8b5941c8f7c8de404d16de6
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7b6f6139177eb52725c8aa6c789db560f9281f38f8b5941c8f7c8de404d16de6

Threat Level: Likely malicious

The file d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (1164) files with added filename extension

Renames multiple (5117) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 05:05

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 05:05

Reported

2024-06-16 05:07

Platform

win7-20240611-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe"

Signatures

Renames multiple (1164) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\mk.txt.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\sl.txt.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado26.tlb.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\ar.txt.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\ado\msado20.tlb.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\co.txt.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2852-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 d35546b486ed9d60db3510a42bfabdca
SHA1 1398e255c4cd5b64734c18dc405a2781853e985a
SHA256 435758e9dd5fd4696524b9c4665ad3f00af6857b7044f60aa4845f3f7f400863
SHA512 2522acdd7985028a36e9d9d7edf7182ab3956828d53fffe695e9b94525673b863334d553be759727d12711765d5edb833fb25a348df284d7a51d55f817ddc681

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 58f70083ed75b94f59a498ac6f814c9a
SHA1 96850fe9139a1ef77d142bbc14a41ae3250c8bca
SHA256 060bddeb0d8152b7cfd70a18b340bd0a53ba828841b81bb6ce70feaad3ba27c5
SHA512 3659a2ca92b87dbb36827a4aa0ad908ccd95a0cc5e791214db3657b5bca97cecf3274d7d2226cf3b668772089f51c9918659c1e588f447f79bc73dc119e67b82

memory/2852-26-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 05:05

Reported

2024-06-16 05:07

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe"

Signatures

Renames multiple (5117) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\WordCombinedFloatieModel.bin.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.LEX.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\CheckpointSync.wmv.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\eu\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.bundle.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymsb.ttf.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\Blog.dotx.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\el.txt.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OneNote\prnSendToOneNote_win7.inf.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.White.png.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar.tmp C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d792f933b6e502ddb1f4da31944e4ca0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
BE 2.17.107.123:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 123.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

memory/2276-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini.tmp

MD5 7f180ec7bc10dc1a1b20bc5701327cd9
SHA1 ad0a899df66f910e3718eb9d7b0426b237cf9f18
SHA256 a2b2d658c6dc79d9662c96abf5fda59f52827ed8dd5b69ae3020ec7ced6ae093
SHA512 00d35c0bc2886eeb184d214a7e416731da8ab5a46219865967d947181f301bda00d946f57dda2d72f0a2cca022c726031cc9bdf4ca8113ff69a3ca6e42188356

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 73d83ec6c67f57910fffd9696f30bc61
SHA1 5000a7eaae03e3039548db62a8f88b921cf352df
SHA256 00155754ab082832a3992392f2ffd9371c8429ce47324cb9600bd44d1585bb4a
SHA512 e24c6dcf804364ef189955a12a57897d091adcadd50b5b91561865f8a4a90bbebe6146d3648e225fb897910c9d4f3e9f5aa4f6788607bb0f06dfbf9d932ae3ca

memory/2276-1114-0x0000000000400000-0x000000000040A000-memory.dmp