679ccd6282b6fb646aab200ac17ce5bcd248133231d706dd94bd1629774651a3

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
Size

112KB
MD5

3b0603e70c4ed9ab0c590a72c012b4b0
SHA1

10541dc1d0166957d1ea97a28a66b962c156297e
SHA256

679ccd6282b6fb646aab200ac17ce5bcd248133231d706dd94bd1629774651a3
SHA512

34f8b5ee85d44557d728f735f745188b97032f73cfbd37165eaa6ccfe5b3617889c55c41a50ebcce4fd90aafd514fc353650ec18cdc484b5474e2b337a089a04
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVz1:RqlIyFESWu0SWuGSB

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\PushGroup.hta.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\3b0603e70c4ed9ab0c590a72c012b4b0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
112KB

MD5
6726c36de25c7905f03f3172dad01596

SHA1
edfb60bcbba11241347484534e9c4cbcd096b6a0

SHA256
8da76de1c7c0b1a08a082edb784a28f6fb6e71b8c76d721746f6593a3e17dec8

SHA512
34a6b9a65e544256fa3051709f5799aff2430a127876d5ebc8210f17cbe18b6e05697e0755ec1ce68101b1e275b068c91a90ce79a4c26aba46fd8993c49b0e99

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
121KB

MD5
63707172f211988ef1cd8c57fd70ddc4

SHA1
14aeb470dee0d2f21e81d43b917190a74e25c137

SHA256
53a6d3bfa4eae1c43b16d1246eb4faf699330536f7b9f73b97a9f493c33730f7

SHA512
93e4a2661fbf550b2926a33ef5690f73a08e78856f31d03beb028391c6ae50c8fb08f8b9aeb5ae863d2d317d94bcbd322b35bcc65e202bd8b822288adbab8be0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads