Analysis
- max time kernel: 149s
- max time network: 95s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/06/2024, 18:51
Static task: static1
Behavioral task: behavioral1
- Sample: eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: eaf29828e30926e47fc35b590f804050_NeikiAnalytics.exe
- Size: 29KB
- MD5: eaf29828e30926e47fc35b590f804050
- SHA1: e82f4cdfc80dd31125d50f4fc260c7e3e7160c53
- SHA256: 21cee6ad9f6649746abb2a93507baf348dca80ab184f83e461e80c24d7ba328d
- SHA512: a81307b6531b937feabd0b24d5bdd55b50fc36ece54f7a71653c086347825d65249db3def2b266b487f94d0b903d168eb2db78ef87eb95ed16eb6834b7a25ceb
- SSDEEP: 192:tACUADIY0Br5xjL/FAgAQmP1oynLb22vuN6GnN6G0JN:GBt7Br5xjL9AgA71FbhvuNBNqJN
Malware Config
Signatures
- Renames multiple (5194) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Program Files directory (64 IoCs)