Analysis
max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
14/06/2024, 09:56
Behavioral task
behavioral1
Sample
b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
Target
b6127ac6c5c7e1b71d152075bfe8d3d0_NeikiAnalytics.exe
Size
89KB
MD5
b6127ac6c5c7e1b71d152075bfe8d3d0
SHA1
bd05e884fae0d6770899ceabe1092277b8ac911c
SHA256
eafee3fd0dd98a9113a71807aa25e5468d3a15e012cb8a988c6d1fb2eb827a48
SHA512
43f00f160b2fa9a6bbcf8a08b3c1b968fa333c113057d16d6e281e9684cb7839639e7394de2ed7828eb206ef09299734ce941173ff2f894d4896e02a850346bc
SSDEEP
1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2IA:fnyiQSohsUsWU9BK3A
Malware Config
Signatures
Renames multiple (5202) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
resource yara_rule
behavioral2/memory/1176-0-0x0000000000400000-0x000000000040B000-memory.dmp upx
behavioral2/files/0x000700000002328e-2.dat upx
behavioral2/files/0x0008000000022970-6.dat upx
behavioral2/memory/1176-1956-0x0000000000400000-0x000000000040B000-memory.dmp upx
Drops file in Program Files directory 64 IoCs
Downloads