Malware Analysis Report

2024-11-16 10:55

Sample ID: 240616-gpkg5awdql
Target: daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe
SHA256: 3bf851200edebdf4a6642fd36ef53946dd671c1be3c5f52d4623f02e57d1120f
Tags: upx, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 9/10

SHA256: 3bf851200edebdf4a6642fd36ef53946dd671c1be3c5f52d4623f02e57d1120f

Threat Level: Likely malicious

The file daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx, ransomware

Renames multiple (1073) files with added filename extension (behavioral1, win7-20240220-en)
Renames multiple (2124) files with added filename extension (behavioral2, win10v2004-20240611-en)
UPX packed file
Drops file in Program Files directory
Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 05:58

Signatures

UPX packed file (tag: upx)
No indicator, process or target details were recorded for this signature.

Unsigned PE
No indicator, process or target details were recorded for this signature.
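The two static signatures above can be reproduced with a few dozen lines of header parsing, which is useful when a sample has to be triaged offline before detonation. The script below is an added example written for this page, not tooling from the sandbox that produced the report. It parses the COFF and optional headers with the standard library only, flags UPX by section name (UPX0/UPX1) or the "UPX!" marker, and reports a PE as unsigned when the certificate-table data directory (index 4) is empty. build_minimal_pe() fabricates a header-only PE32 so the script runs without a real sample; its section names and certificate-table values are constructed, not taken from the analysed file.

```python
"""Static PE triage for the two static1 signatures: UPX packing and a missing
Authenticode signature.  Added example for this page, not the sandbox's own
rule logic; stdlib only.  build_minimal_pe() fabricates a skeletal PE32 so the
script runs offline; the section names and directory values are constructed."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the certificate table data directory


def parse_pe(data: bytes) -> dict:
    """Return machine type, section names and the security data directory entry."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:      # PE32+: +108 and +112 (ImageBase is 8 bytes wide)
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + opt_size
    sections = [struct.unpack_from("8s", data, table + 40 * i)[0].rstrip(b"\0")
                for i in range(nsections)]
    return {"machine": machine, "sections": sections, "security_dir": (sec_off, sec_size)}


def is_upx_packed(data: bytes, info: dict) -> bool:
    """UPX leaves UPX0/UPX1 section names and a 'UPX!' header marker unless stripped."""
    return any(s in UPX_SECTION_NAMES for s in info["sections"]) or b"UPX!" in data


def has_embedded_signature(info: dict) -> bool:
    """Non-empty certificate table: an Authenticode blob is present (validity unchecked)."""
    off, size = info["security_dir"]
    return off != 0 and size != 0


def triage(data: bytes) -> dict:
    info = parse_pe(data)
    return {
        "sections": [s.decode("ascii", "replace") for s in info["sections"]],
        "upx_packed": is_upx_packed(data, info),
        "unsigned": not has_embedded_signature(info),
    }


def build_minimal_pe(section_names, signed: bool = False) -> bytes:
    """Construct a header-only PE32 (not loadable) with the given section names."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224                                   # standard PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    if signed:                                       # fake certificate table: offset 0x4000, size 0x1800
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4000, 0x1800)
    table = b"".join(struct.pack("8s", n).ljust(40, b"\0") for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    print(triage(build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])))
    print(triage(build_minimal_pe([b".text", b".data"], signed=True)))
```

Two caveats apply to the output. An empty certificate table only means no embedded Authenticode blob; catalog-signed operating-system files also have none, and a non-empty table is not a valid signature until the chain is checked with signtool verify or Get-AuthenticodeSignature. Section names are trivially renamed by whoever runs the packer, so a negative UPX result is weaker than a positive one; both checks are triage hints, not proof.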

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 05:58

Reported

2024-06-16 06:01

Platform

win7-20240220-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe"

Signatures

Renames multiple (1073) files with added filename extension (tag: ransomware)
The "File created" indicators below reflect this pattern: each path is an existing file name with ".tmp" appended (es.txt becomes es.txt.tmp), so the original extension remains visible inside the new name.

UPX packed file (tag: upx)
No indicator, process or target details were recorded for this signature.

Drops file in Program Files directory

Description: File created
Process: C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe (all rows)
Target: N/A (all rows)

Indicator (path created):
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp
C:\Program Files\7-Zip\Lang\es.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp
C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp
C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp
C:\Program Files\7-Zip\Lang\ba.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp
C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp
C:\Program Files\7-Zip\Lang\de.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp
C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp
C:\Program Files\7-Zip\Lang\ru.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp
C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp
C:\Program Files\7-Zip\Lang\bn.txt.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp
C:\Program Files\Internet Explorer\Timeline_is.dll.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2928-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 26d52255dd75569cc7b939e385387aae
SHA1 bdf4b0ec95211255b89128cdb0fa20aeca60b5ea
SHA256 a6611a979f0e3f91dc346b19e0645420281f174f5e440ae833fb8a3f4d4f8e02
SHA512 b3a3b12605f51e2efb287c1e46f98fbcdf547c586332cb5bd245c8a64d4f1b1affe373676cca6ac99cd7dfe29477ec963ba7dd11b6f4b0038a822eaf90751759

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 03678e7e394590e58786a3c27236c7fd
SHA1 01ea282c053d8503e56f6018019451028d99ac4b
SHA256 5eba718f788bc6f4f33f32bf3b8c60a17e613d6d8157c92c709ea81644072b8f
SHA512 1693f0ddba9de20015b350f3998c89cdd8991bbaa695a5af60205c49d381f0818ae37ea6976fa06816a821a42e10b1842836633f3d1b211de9c50a8f851dec32

memory/2928-184-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 05:58

Reported

2024-06-16 06:01

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe"

Signatures

Renames multiple (2124) files with added filename extension (tag: ransomware)
As in the Windows 7 run, the "File created" indicators below are existing file names with ".tmp" appended; the higher count reflects the larger Program Files tree (dotnet, Java 8, Chrome 110) on this Windows 10 image.

UPX packed file (tag: upx)
No indicator, process or target details were recorded for this signature.

Drops file in Program Files directory

Description: File created
Process: C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe (all rows)
Target: N/A (all rows)

Indicator (path created):
C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationCore.resources.dll.tmp
C:\Program Files\Internet Explorer\sqmapi.dll.tmp
C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Immutable.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClientSideProviders.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.AccessControl.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.tmp
C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Parallel.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Metadata.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\ReachFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.Primitives.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.RegularExpressions.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp
C:\Program Files\7-Zip\Lang\pt-br.txt.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\fontmanager.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoCanary.png.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\hostpolicy.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\et.pak.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\libEGL.dll.tmp
C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.Concurrent.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Debug.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp
C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp
C:\Program Files\Java\jdk-1.8\jmc.txt.tmp
C:\Program Files\7-Zip\Lang\tr.txt.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp
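The ransomware signature fired in both the behavioral1 and behavioral2 runs on the same pattern: a single process creates a large number of files whose names are existing file names with one more extension appended (here .tmp), across many directories, within seconds. The script below is an added example written for this page, not the sandbox's own rule, showing how that behaviour can be detected from file-creation telemetry and how rows in the "File created <path> <process> <target>" layout of the tables above can be parsed. SAMPLE_EVENTS are constructed Sysmon Event ID 11 style records (sample.exe and setup.exe are hypothetical process names, the SIDs and timestamps are made up), and the thresholds are illustrative, not tuned values.

```python
"""Detection for the 'Renames multiple (N) files with added filename extension'
behaviour: one process creating many <name>.<ext>.<new-ext> files across many
directories in a short window.  Added example for this page, not the sandbox's
rule.  Thresholds are illustrative; SAMPLE_EVENTS are constructed Sysmon
Event ID 11 style records, and sample.exe / setup.exe are hypothetical names."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import ntpath
import re

MIN_FILES = 6                      # double-extension creates by one process ...
WINDOW = timedelta(seconds=60)     # ... inside this sliding window ...
MIN_DIRS = 3                       # ... spread over at least this many directories

# Row layout used by the report tables: "File created <path> <process> <target>"
REPORT_ROW = re.compile(r"^File created (?P<path>.+?) (?P<process>[A-Za-z]:\\.+?\.exe) (?P<target>\S+)$")


def added_extension(path: str):
    """('es.txt', '.tmp') for ...\\es.txt.tmp; None if there is no inner extension
    (so a bare 'Sitka.tmp' is not counted, which keeps single-extension temp files out)."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    inner_stem, inner_ext = ntpath.splitext(stem)
    if ext and inner_ext and inner_stem:
        return stem, ext
    return None


def parse_report_row(row: str):
    """Turn one report table row into (created_path, process) or None."""
    m = REPORT_ROW.match(row.strip())
    return (m.group("path"), m.group("process")) if m else None


def detect_mass_rename(events, min_files=MIN_FILES, window=WINDOW, min_dirs=MIN_DIRS):
    """events: iterable of (datetime, process_image, created_path).
    Returns one alert per process that, within any `window`, created at least
    `min_files` added-extension files in at least `min_dirs` directories."""
    by_proc = defaultdict(list)
    for ts, proc, path in events:
        hit = added_extension(path)
        if hit:
            by_proc[proc].append((ts, path, hit[1]))
    alerts = []
    for proc, hits in by_proc.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            span = hits[start:end + 1]
            if len(span) >= min_files and len({ntpath.dirname(p) for _, p, _ in span}) >= min_dirs:
                alerts.append({
                    "process": proc,
                    "total_hits": len(hits),
                    "directories": len({ntpath.dirname(p) for _, p, _ in hits}),
                    "appended_ext": Counter(e for _, _, e in hits).most_common(1)[0][0],
                    "first_seen": hits[0][0], "last_seen": hits[-1][0],
                })
                break
    return alerts


T0 = datetime(2024, 6, 16, 6, 0, 0)
RANSOM = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"     # hypothetical
INSTALLER = r"C:\Program Files\ExampleApp\setup.exe"         # hypothetical, benign
SAMPLE_EVENTS = [
    (T0 + timedelta(seconds=i), RANSOM, p) for i, p in enumerate([
        r"C:\Program Files\7-Zip\Lang\es.txt.tmp",
        r"C:\Program Files\7-Zip\Lang\de.txt.tmp",
        r"C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp",
        r"C:\Program Files\Internet Explorer\sqmapi.dll.tmp",
        r"C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp",
        r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini.tmp",
        r"C:\Users\Admin\Documents\notes.docx.tmp",
        r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp",  # no inner ext
    ])
] + [
    # an installer staging six .dll.tmp files in a single directory: not flagged
    (T0 + timedelta(seconds=30 + i), INSTALLER, rf"C:\Program Files\ExampleApp\lib{i}.dll.tmp")
    for i in range(6)
] + [(T0 + timedelta(seconds=40), r"C:\Windows\explorer.exe", r"C:\Users\Admin\Desktop\report.docx")]


if __name__ == "__main__":
    for alert in detect_mass_rename(SAMPLE_EVENTS):
        print(alert)
```

The directory-spread threshold is what separates this from an installer or updater, which also writes .dll.tmp staging files but keeps them in its own tree; a process touching Program Files, $Recycle.Bin and user documents in the same window has no such excuse. On a real host the events come from Sysmon Event ID 11 or an EDR file-create stream, and the first alert should trigger isolation of the process rather than a ticket, since at the rates in this report (over a thousand files inside the 150 s kernel window) the damage is done before a human reads it.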

Processes

C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\daf9ce949fa49db91d48dfedcf6833e0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 232.238.32.23.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

All eight records are reverse DNS (PTR) queries for in-addr.arpa names sent to 8.8.8.8 over UDP/53; no other outbound connection is listed, so the report contains no command-and-control or key-exchange endpoint for this sample. Lookups of this kind are often generated by the platform rather than by the sample, so treat them as unconfirmed rather than as indicators. The Windows 7 run (behavioral1) recorded no network activity at all.

Files

memory/2192-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2447855248-390457009-3660902674-1000\desktop.ini.tmp

MD5 7de25cd7a957ed0975bc4be9023235f2
SHA1 05e05ee80ec03c4372c99ee2f4e77bbf4d6a3140
SHA256 99b1211f47d9d9b092255c5babd50d6b632e6873d029d897cbc3d50f9bf6b352
SHA512 be350f5126ddfd38fbd6d04cc7d4e4ee638105ea6841dc25043bab41f3f2260a2e4f30a0084a2151a5118428e4d1c71c6c25e91d97a713124ffb62454d0d42b1

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b007864365684c55b447d097e6714cb9
SHA1 47087f1cd004963a54f2d4d05b2a39faad1bad91
SHA256 34085f9412b56562abdb90154025be5bc767810e37f60fd3be7e12383465c47b
SHA512 223f8d1319c12221623ff51886b055c9cbef71b6b304f10984ad4aa1e1f91f62bb9068d78101671c0f0e59550205738d3787d84b3452e358e13e9ef842bfb4cf

memory/2192-842-0x0000000000400000-0x000000000040B000-memory.dmp