Malware Analysis Report

2024-11-16 10:55

Sample ID 240616-gh6f1s1hrg
Target da7486da7327c4769639c111f7717230_NeikiAnalytics.exe
SHA256 cdbaa27ed9be250b3c12e962d3338996bf47c2fcd3aa9432db295bf318eb5509
Tags upx, ransomware
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file da7486da7327c4769639c111f7717230_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (5194) files with added filename extension

Renames multiple (925) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-16 05:49

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2024-06-16 05:49
Reported 2024-06-16 05:51
Platform win7-20240611-en
Max time kernel 150s
Max time network 126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\da7486da7327c4769639c111f7717230_NeikiAnalytics.exe"

Signatures

Renames multiple (925) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\da7486da7327c4769639c111f7717230_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\da7486da7327c4769639c111f7717230_NeikiAnalytics.exe"

Network

N/A

Files

memory/2540-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 830485d7005dff8a9e2ed45c33c67196
SHA1 0b302c6031df4ce3e5aba7ffff44e7ec105a0ae8
SHA256 b68a2abe2511caf0af1a19055d55ce8be02ad63de5cab8a6e8d837c112a739ae
SHA512 38d1100cf496b7512e62f9735a70720f68e4608d132d227ea5ad5966f8351ce7587ed9fc54ca1022a77b9e01de7ca868df301f955ce4771480854990548312c4

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3f8731253c20b96b9c16ed8ef535f205
SHA1 fe56cf94e1f46d7b975960e901fa9ede26152e02
SHA256 ada3404e5cd3699dcee923221222fec941e4c8801b474dabe1cad76148bda710
SHA512 c8431152618f76c2919d652ffac9cf9534c3eba8d957025e308a88f554c3fbaaaabbf04d2704e721ae42f7c5bf2b5b142d54ede2da9a53538643634a07bcc424

memory/2540-26-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-16 05:49
Reported 2024-06-16 05:51
Platform win10v2004-20240611-en
Max time kernel 149s
Max time network 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\da7486da7327c4769639c111f7717230_NeikiAnalytics.exe"

Signatures

Renames multiple (5194) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\da7486da7327c4769639c111f7717230_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\da7486da7327c4769639c111f7717230_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
BE 23.41.178.80:443 www.bing.com tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 80.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 10.73.50.20.in-addr.arpa udp

Files

memory/2764-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp

MD5 55525bb17f6a427ceb54d035d852df38
SHA1 0a1810700fbee99fe1fcd491969625deeda79e36
SHA256 d4bfd127b36ce3e042ee95e171bdf05f7b7158f3009207960e0346c3b1337e98
SHA512 02931cf8d57122fdaabb6e05b9361960a4d9a1309326fe6301e4cee4938583aba5abc315b519f01fe1aac3607fa393209c5a0fc174129dd9df4dc3e89754c15a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 ac9ebc48f69d879765ab618c359ee252
SHA1 c6f596eac30d0eff81fbf83b116fa85604f43017
SHA256 19e8535be541e5e8112ea0ae497981e8e391219bd6c092586d34b2d0f23f08c6
SHA512 25b0e508856f48f5a12aac746a07abdbe53f2f949cf8133e47ca25b87397fc0c4984aba503f1b17e9b0479b34ac0abbdc928d59c32b147b036be48578d9e920e

memory/2764-1122-0x0000000000400000-0x000000000040A000-memory.dmp