Malware Analysis Report

2025-01-03 08:25

Sample ID 240617-hp2bbatbjp
Target 5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe
SHA256 df5ed30a7f8b9ad8ceeb523c542d0d76cdb6489cc3b14129068a8e94eba0f26a
Tags upx ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

df5ed30a7f8b9ad8ceeb523c542d0d76cdb6489cc3b14129068a8e94eba0f26a

Threat Level: Likely malicious

The file 5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (3490) files with added filename extension

Renames multiple (5236) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 06:55

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 06:55

Reported

2024-06-17 06:58

Platform

win7-20240220-en

Max time kernel

150s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe"

Signatures

Renames multiple (3490) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe"

Network

N/A

Files

memory/2184-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

MD5 dce044b9bd4dfc9c1b17b429c6278d78
SHA1 01d996440208647fc2fd8c7d9b2b4d765d269fc2
SHA256 b141b9ade6a4ebacbc7915c20008559889c1762d66379f198fb6da1991e2fe2a
SHA512 053de23477d19d98a0dc5a775e0e0e0fb2cd652104fd41843c927f4b5f2c7eebe75afb95e8319c71fa72170f366baf64a0ae8255e0588ccd5c381cc438544bc0

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 301d97be4d9b137d38c4cc17a2293aab
SHA1 2eaaa87045c48555b83e75b0a135d73c9687e178
SHA256 c596a930edbb07d3b84eca19753b2fd4f44f836b3ad43d7b5cf9895dcba458ca
SHA512 ff30262cd6025f22b685f0ff9dafd012144c0e2af8ae1492f695f0bd54999fdf29839bab49834a90b35e490d062e89df74f478a579410bf8d049d1c992b95e64

memory/2184-646-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 06:55

Reported

2024-06-17 06:58

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

100s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe"

Signatures

Renames multiple (5236) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5d57aa7283a0a7f8d0878e0211bf3be0_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
NL 52.111.243.29:443 tcp

Files

memory/4452-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

MD5 0fa078680d8c83022b80288d1c814422
SHA1 6a1f19bf366e069199acfe2628c241aa001fa164
SHA256 c336c0ca9cfe4775031709e61fcab7d8f4041743d0e34b98e22dc07ff394f0d5
SHA512 7c27de5ce8fb73a571b4078a50d975f825ed63d08ab83e4e22edc20c4b095f2a980b2f984da34e8a1883cbbe5136e89c6afd6b010c284cda4dda19de0e00aca6

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c3995a282a2a0ba064e5263e3d6ab6bb
SHA1 3a9b9d6d094701d87c4b67042742e6ee5914af0b
SHA256 d8039a834998f9253c735d2eb2789025b96417cd383a55bda3b4f89a03de45d0
SHA512 ec5fa7162a1de3cc0dbda254e91d2737009e949ca70b78b2e49de0d523be4f5dc004c6e3502783a11c7de3e852e26ae60303e028dfc6605acddfef0371caaf47

memory/4452-1958-0x0000000000400000-0x000000000040B000-memory.dmp