Malware Analysis Report

2025-01-03 08:26

Sample ID: 240617-g82krayclg
Target: 5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe
SHA256: 2549f0a3ec3be98dd6d90977ebe7159e634db2d397516cb88d37e1137829b65b
Tags: upx, ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3737) files with added filename extension

Renames multiple (4865) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-17 06:29

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-17 06:29
Reported: 2024-06-17 06:31
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe"

Signatures

Renames multiple (3737) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1612-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

MD5 ca2911e598dbf0decc4e1246c7db9b1e
SHA1 7cc6757d22cc18ef0c9d1c932a0fafe0f001e3fa
SHA256 cfc15ff55228dfa5664bdc3beb179da3c655a5f05813fad0452c472f9f5f99e8
SHA512 9d9b3f65aebbb78ae7e344d78c1a5e4c6cc24f5099cd88cb4b1459392f40fd9ec6f29e572620a5ad651f87a139c1bd8d7dd15c9554f428db08d1811d4c072731

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 d5b6f44d16c69d6ff385247ec3120bd4
SHA1 049c9fc0f6ba6f3f01676dbbfe7bc636cae74eec
SHA256 5d951f01dd44318a70981f885d54bf868d44382bc3989b2e3862cf77a5f3c04a
SHA512 c4630cc102942ddda583e82e8204d4e26b3e4cb4c3be48c7af6435913f90ffd634e49f20cd1b26cdbb1b84dc46a72503f016d4b342f2771735acaff2775348e9

memory/1612-662-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-17 06:29
Reported: 2024-06-17 06:31
Platform: win10v2004-20240611-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe"

Signatures

Renames multiple (4865) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5a1f5538116ce46cbce2e237487f52e0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 211.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 94.65.42.20.in-addr.arpa udp

Files

memory/4900-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3169499791-3545231813-3156325206-1000\desktop.ini.tmp

MD5 1b4392f834bfe290544e76bdc92ddc60
SHA1 cc54a73ac90657881887767d0fc95598e6afe7b7
SHA256 792dd60e7bfe9c25c02e36b6e465d898a5cc8ede336a35608c48a95ad182d1b2
SHA512 1b951c5ebf1a3005d5cbb498531b24a869e66b333f51cdf038a7a7a00963fa8e3e28ee149ab46226a6b9968631421f84d616e9c1b7d50ea3ad8eeab9eee2a5ae

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6a85c355f2deb47ad851b1602d5e6abc
SHA1 c8eaff0b733b4fa78e8c45419b91310da87d6ea9
SHA256 18150f044cfe0839e3dd3032885ab31ca816b5a16962411348f824beb6df2348
SHA512 a643f905e3dbd37ff9bb5ff09d674be7ba602bede38e194847e22c31ce6d819f67d3ef95614d229af13d4b23c34a8730a65360be28e4104d7e3a8de5eaec5c42

memory/4900-1780-0x0000000000400000-0x000000000040B000-memory.dmp