Analysis
- max time kernel: 149s
- max time network: 142s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/05/2024, 16:49
Static task
static1
Behavioral task
behavioral1
Sample
96a62bbf7687083e2861ab500c248650_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
96a62bbf7687083e2861ab500c248650_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
- Target: 96a62bbf7687083e2861ab500c248650_NeikiAnalytics.exe
- Size: 102KB
- MD5: 96a62bbf7687083e2861ab500c248650
- SHA1: 04443e9da0700e3d70f25755ee27bd83cc40f70c
- SHA256: 0ef8c521ef6a9e63f498701bf90431e5dda0216a62e1b144e30f931139565809
- SHA512: 6b8e32a667221b2e40cf6a92d88075a9dd98a98d52c4907ce36c4c121c267c6db56b3fb8e721d3bc00305a502ac8dfa5413e4328419c61ab885ae9f1233b99df
- SSDEEP: 3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz+:RqlIyFESWu0SWuGSS
Signatures
- Renames multiple (5006) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)