Malware Analysis Report

2025-01-03 08:26

Sample ID 240617-hm64saygpg
Target 5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe
SHA256 fe2140b01839570b839b558515b05d662d3cc9cac87b3663f36553a9d55eafc5
Tags upx ransomware
Score 9/10


Analysis Overview

Score 9/10

SHA256 fe2140b01839570b839b558515b05d662d3cc9cac87b3663f36553a9d55eafc5

Threat Level: Likely malicious

The file 5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3708) files with added filename extension

Renames multiple (1296) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-17 06:52

Signatures

UPX packed file (tag: upx)

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-17 06:52

Reported 2024-06-17 06:54

Platform win7-20240508-en

Max time kernel 149s

Max time network 122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe"

Signatures

Renames multiple (3708) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe"

Network

N/A

Files

memory/1284-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 b7a8866693045dfd55894d7afc2004b4
SHA1 7fd4052b9b6d8089f054701a21906efe3ff11b1a
SHA256 fde06ac0022f8ffd2f8da1d2f28914ec0a4ed065d087b3d23a91a171c60d5bf8
SHA512 3dda8709cd96e051dae5d42be86e108c0793ce0c601f5264929b6919c4573cfceabab792843195ca060dced5929f01c9c8e9921213860c5597938c5f292d6f97

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 337a9f3f99a23d15546c57cedf85b54d
SHA1 b4c93282d6b6b44ff7f192ad12e8f4f33227f597
SHA256 fb1a6af1a9c33c701deaac052a3c90fc8ffa95acb17fb5834df2fc003ff72428
SHA512 b0cdd3879fb2bd7ceb12bb4040a03541252fcae5e98a844959515d33f76dbdbcc3d7175373612846e0775d5ce65b25119c0d73464aeeb2e387f5d980a2ef13db

memory/1284-658-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-17 06:52

Reported 2024-06-17 06:54

Platform win10v2004-20240226-en

Max time kernel 151s

Max time network 158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe"

Signatures

Renames multiple (1296) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5d162b7afe6cc12b5497bb7e1366c7f0_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 142.250.187.234:443 tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 21.121.18.2.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

memory/4176-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

MD5 1024bcf23ade26cf3f42a047545a80a3
SHA1 675a295f6692350b6881a635000d424481159626
SHA256 f826243160878555a7623c504eed5ed8fafe010aeaef5f19f34aaf801d431a21
SHA512 73cae1762f96d2f06fc72c02c42ba1fac8eedeb8bbdd0ba5420d36c96642b42b2902a07b494c08fab0d5bb9f491c3998d622a7580188ed3443070613b7aaf36e

C:\libsmartscreen.dll.tmp

MD5 d00dd9ca38f2908f7286f061102697c8
SHA1 06ffea3e7abd8df2dd4489f2f19a1d6efd562a0f
SHA256 4478ecc7ef7a3f09f749ea634127982878219d344cfb0853647529277d82c509
SHA512 a2c2a99ce58e6b58553d24a73a0c5781fb2aac80666836f1f1b706c7b49d1f341d2b727218905972f20cb42b081b34ee2b41e42955a2b83226b1579e34bfdf3c

memory/4176-418-0x0000000000400000-0x000000000040B000-memory.dmp