Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-ga5vhswakr
Target d988f6b8f4054deedb009022f2df1a00_NeikiAnalytics.exe
SHA256 161e137b652e6a174f379524fd640fb97ed401c97f8ad254859cd2b1f6faf870
Tags: upx, ransomware
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256

161e137b652e6a174f379524fd640fb97ed401c97f8ad254859cd2b1f6faf870

Threat Level: Likely malicious

The file d988f6b8f4054deedb009022f2df1a00_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5270) files with added filename extension

Renames multiple (3490) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 05:37

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 05:37

Reported

2024-06-16 05:39

Platform

win7-20240221-en

Max time kernel

150s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d988f6b8f4054deedb009022f2df1a00_NeikiAnalytics.exe"

Signatures

Renames multiple (3490) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\d988f6b8f4054deedb009022f2df1a00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d988f6b8f4054deedb009022f2df1a00_NeikiAnalytics.exe"

Network

N/A

Files

memory/2172-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 55593d911d913c44ae4fd3be33b59deb
SHA1 8d0406093cff63caab7f275b96040673b396e99a
SHA256 eca90f1050456673c0d09fbbbd6dbbb76b141dfb4c44039e7f845d0632f535b3
SHA512 0486fadb8a7d2503ee8f344b4903cc4e0d2f2f086ffd1c6024f4a907eba8a8d324493f3014745370fc7188a0021f3fe27b8e8b228d284851023453948d116a66

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 fe154473e526f93edfd59850f0fe4656
SHA1 aad6b126757e9ee525901f8908815986c5ab825b
SHA256 f340505020151267e67aafdd892c046bd71b92d3c193871c6811fff8ea9d7db8
SHA512 63cc12aab72ec5f07860e07bc98cced96a98f89428cfdd535709733ca797d4a0049e51ab0df36bcca3cf27d680774961608717f358f2b948211b85b4a299d3fb

memory/2172-648-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 05:37

Reported

2024-06-16 05:39

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d988f6b8f4054deedb009022f2df1a00_NeikiAnalytics.exe"

Signatures

Renames multiple (5270) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\d988f6b8f4054deedb009022f2df1a00_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\d988f6b8f4054deedb009022f2df1a00_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4292,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=1280 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/428-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 f8b9cf28d75a7cb2987f9e2f9bdea2f3
SHA1 3190d29f3a0cadb3bb756276e7fd6a5487555984
SHA256 adf04875966556712f242be879b72826e9a4f164bdb28ce3f8798e2c1e1550b2
SHA512 214d1e2c47fa4317e80219fdc867701f18c1ed48fd72fbc8bf9543b36d724c6fd34f31f9cec01fbc04b7e6d79be83bdab1d3328e307c0bc709322c7895030d13

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 0f5d9e78b800c4250079ae17ad0bb2b8
SHA1 a317e6082c574d8ab03768b3e3b360d6b74f40f4
SHA256 21c326c71d1d39905af9abafd8ba66291650ab1e063b3808224c43e168ee7482
SHA512 94061b77642a66cbdc2a3db0b890278b9b570759b5740d3b8f94d380a89080065935e06fcec4b23b821a19bf81f34e8cdd1d6e258015f247568c1d28da3654db

memory/428-1952-0x0000000000400000-0x000000000040B000-memory.dmp