Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
10/05/2024, 21:16
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe
-
Size
71KB
-
MD5
074a7b01e94ec1909a82af35e0f6b150
-
SHA1
9979fd28e044adf6139bfd710bbce1f35e5438b4
-
SHA256
d4787b5f51a090855f0cf182dcac2b8bfbf8f29dfa782cbedf5184a594e882a8
-
SHA512
bf31c30566958cbca9e2b57f9cf78f09613fb1983189dd623e0a1dc1ede3d58e1b9342badb1572bc978892782a99858250ba8bd62775265507a73ea8edbc77db
-
SSDEEP
1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t4o:6e7WpP9oVLQthbYY9oVLQthbUrt7t4o
Score
9/10
Malware Config
Signatures
-
Renames multiple (5171) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\jvisualvm.txt.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\bin\policytool.exe.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ul-oob.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-oob.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-phn.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\3082\MSO.ACL.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Overlapped.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL104.XML.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\BUSINESS.ONE.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Java\jdk-1.8\jre\lib\security\trusted.libraries.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\CENTURY.TTF.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.png.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymt.ttf.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Contracts.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Grace-ppd.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ink\Content.xml.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsBase.resources.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN058.XML.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.tree.dat.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red.xml.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Extensions.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Extensions.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXT.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationUI.resources.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\ExitHide.MTS.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Internet Explorer\uk-UA\iexplore.exe.mui.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\MSO20SKYPEWIN32.DLL.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe File created C:\Program Files\Microsoft Office\root\Templates\1033\BloodPressureTracker.xltx.tmp 074a7b01e94ec1909a82af35e0f6b150_NeikiAnalytics.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
72KB
MD596c88a02bf363dc8df141b443f1975da
SHA1ffa5b9a34f650f006753ed7d3cd68a3d1af7f35b
SHA256c787ed5098c468fd0c2c2714ce2928e2785d418904c8aca595322077c28437f8
SHA51237c75b0f116faadf1546aa1b9c0f2e2cd61ff3e5e0c2be875057f55e39b1a606746c33223b1065033a380728101cbd7bb73fe2664124570e4d541dc7e6a7d4e9
-
Filesize
170KB
MD57162f6530d5300686de3f62827f3fc65
SHA1f2a0d5756d9db32f38d16d41856cff74505114e0
SHA25647bd9466611d2f4082f61c773e1afcd8f88400862652882e194afcb31fc19fc3
SHA5120476a67b51701dfcc5b72ac07d70028714b33b38681d2d1257a652e2fb616a23b624d9a8f040bb99629787a2d13a3582f28d01274ac52b33b16f279eb866940d