Malware Analysis Report

2024-11-16 10:55

Sample ID: 240616-ge2zeswblp
Target: da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe
SHA256: f44d5fe798ba5525729ff6d2b7263488fdd18524881894cc4b421f3cf0caf0cd
Tags: upx, ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3684) files with added filename extension

Renames multiple (4823) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 05:43

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 05:43

Reported

2024-06-16 05:46

Platform

win7-20240220-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe"

Signatures

Renames multiple (3684) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 05:43

Reported

2024-06-16 05:46

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe"

Signatures

Renames multiple (4823) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\da0288aa5455216d53cacc8e1e2ba570_NeikiAnalytics.exe"

Network


Files
