Analysis
- max time kernel: 150s
- max time network: 105s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/05/2024, 06:20
Static task
static1
Behavioral task
behavioral1
Sample
c38e77689fa9e1b623532e5c0b7ba1a0_NeikiAnalytics.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
c38e77689fa9e1b623532e5c0b7ba1a0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
c38e77689fa9e1b623532e5c0b7ba1a0_NeikiAnalytics.exe
-
Size
83KB
-
MD5
c38e77689fa9e1b623532e5c0b7ba1a0
-
SHA1
678d52e2ecda21c1b827a93d60ca6d39abf3a4e6
-
SHA256
c8ffb2ee1cc0cde507f766ffce8c914de328121b53dc46b45a87ec0b5618a189
-
SHA512
18220cec7d788d37da5300ceddfb8743761bbda3375ef8952aed7bebe3386b4735ddcc3341d4ed371163386e4d936df51f218a3c6b7b14b90631c8f36d57c410
-
SSDEEP
1536:W7ZDpApYbWjIlE77ufL2e+efZwZavliSiW:6DWpwE7oL2e+efZwZEiSiW
Malware Config
Signatures
-
Renames multiple (4726) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Program Files directory 64 IoCs
Downloads
-
Filesize
83KB
MD5 dfd6cd6b2b4e316f59f2519a94e3cdf7
SHA1 e3b5ea63596da42181d01edefb7387dbbff6c970
SHA256 2b4c6f60ea45ea2d92a5b35031241a42cd519bcdfab8523436cb84cc7648b076
SHA512 1b8d70fde466d82a5854fc290b9659959a29e229a80e3d4fb490b352cd0a5e3474ac9ce5e839bb1966a4b78c7319df3a704d714f95f40b26664898e7c47ab60b
-
Filesize
182KB
MD5 bc524bca5d5c2b722ee75f9b73523e2d
SHA1 77d375c22cf5ab2b8bce49837d57ee26d00a006f
SHA256 f3276cdd9bcd41fdbfd670639e5ea45aa8ebddadeb454caa8e7dcdfb3e56751d
SHA512 7280f38be20f5f21afe620210a135bdaed4612a7e3da58a4e111b45c64397e50e0d3e4f4e74f6f1d7769bf380e5e2befc96f73f931b5de108ad18f3e2509950d