Malware Analysis Report

2025-01-06 13:04

Sample ID 240617-a5vjpswele
Target 27a11ec48b30480b8738bfa7b6da7650_NeikiAnalytics.exe
SHA256 e43286d0c2b749905888498e798ea6e52a0893d9c8bb0f224bdd4a1bb0952a98
Tags upx, ransomware
Score 9/10

Analysis Overview

score
9/10

SHA256

e43286d0c2b749905888498e798ea6e52a0893d9c8bb0f224bdd4a1bb0952a98

Threat Level: Likely malicious

The file 27a11ec48b30480b8738bfa7b6da7650_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (4505) files with added filename extension

Renames multiple (332) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 00:48

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 00:48

Reported

2024-06-17 00:50

Platform

win7-20240611-en

Max time kernel

150s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27a11ec48b30480b8738bfa7b6da7650_NeikiAnalytics.exe"

Signatures

Renames multiple (332) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\27a11ec48b30480b8738bfa7b6da7650_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\27a11ec48b30480b8738bfa7b6da7650_NeikiAnalytics.exe"

Network

N/A

Files

memory/2208-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp

MD5 5be162a5c945824f4635a9c7bda9523b
SHA1 12dc536503467d88a2ed5623041231760db8aca1
SHA256 010c76fc459a3f3532f3b0a5f42a70810fcb842eb6d827f9518634403204902c
SHA512 e16362f44fdd628ef5776296da438ff8307ac2b2dd29ad3be69f1c324c3ba463ec7d9c4e46d684bf9a94f1c905f2102f23bab00ae4ea1c718a85747cfea2fef6

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 eca9e8f3dcb2c2a2f96ce649ffedfae3
SHA1 6b321e0da7b4194494d043a63fc8810f1d613ecb
SHA256 01e46101edde0aec97525303b942eee139755a1648435efd97afdb06a9fcccad
SHA512 43ddc46e84f4c65084945fe1c7c92c6b808998c65dab5b081fca76c56ff68a3ea5c8c28223b181d9b4ec1fa62b3bc525744ad3f14f7c7b998cb13e1ef62051e1

memory/2208-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 00:48

Reported

2024-06-17 00:50

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27a11ec48b30480b8738bfa7b6da7650_NeikiAnalytics.exe"

Signatures

Renames multiple (4505) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\27a11ec48b30480b8738bfa7b6da7650_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\27a11ec48b30480b8738bfa7b6da7650_NeikiAnalytics.exe"

Network


Files

memory/1540-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 7d0472bc95271d566a8a8bff5edb24f0
SHA1 6a2baae2290c0aa93cc0255b38e1c09dd814c4b7
SHA256 ae2312b98b63ee37342de55e95251e66bdc277d4ad172b7d89da368760149086
SHA512 6c8df57ad98b90e48c242a461845aaa36b6210641953786d3d6fd620e641f7886c2168c0a8f85ac1f11ab81bcdf78e7485ccfb34730adb1b21e9577034c97622

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 a6f3ca19d180fe70c6f0f40e579a6e7d
SHA1 7304b3016479fe43a61902f4ee2a349c70f595ce
SHA256 58652d0e5bb383c766a857bfecfcef0494634f146eaaecd788d129bd0e099905
SHA512 94cbb63b71f2f85e183d9a6939f06d005d2b5f24961012f86ee982b057eb111fa98f2c57e8d250129f5899a3b5a87e1739678b7071d74a61a64535bcb36ebaf3

memory/1540-1572-0x0000000000400000-0x000000000040B000-memory.dmp