02887a96fd842d6de12c49676f1e055dacd0371c67e94e73fe528ddea0b82099

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c17fee3b900c27a977f497010234ed0_NEIKI.exe
Size

84KB
MD5

5c17fee3b900c27a977f497010234ed0
SHA1

3beb3cc7470382c537ea755cfc1f130b0d7d2fd2
SHA256

02887a96fd842d6de12c49676f1e055dacd0371c67e94e73fe528ddea0b82099
SHA512

5a8cc4139d07a08fbbfd7c8d42c51d64777828ae69671ea750de37d448eb9cf0753da08f160f3bc2808803cbc61ce3ca4e36fb9f93c70c8c5ebeb6d2a16a725c
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q4xFrphgG:+nyiQSo+hgG

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4914) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3196-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000d000000023ae8-2.dat	upx
behavioral2/files/0x0008000000022972-6.dat	upx
behavioral2/memory/3196-1766-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceProcess.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationProvider.resources.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\zlib.md.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-180.png.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.png.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ppd.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART8.BDR.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_Subscription-ul-oob.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-pl.xrm-ms.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f33\FA000000033.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	5c17fee3b900c27a977f497010234ed0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\5c17fee3b900c27a977f497010234ed0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\5c17fee3b900c27a977f497010234ed0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:3196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2860750803-256193626-1801997576-1000\desktop.ini.tmp

Filesize
84KB

MD5
b957dc146fcf800209a10c2063abdd10

SHA1
547a8add158ff2d70dcfa28781a4f7dcda287f6a

SHA256
b5a74670b591813bea4084b81e848fe8118c54f96e57cdf588d3e5f2350152ce

SHA512
56daa3bbec6e47f52016553820adcfc65d30297459bb45261473c5ae8b34fda37893fbffb7efbcb0de9cb7cebb61f55416054d956108cb65f1ed3d4ad7c02954

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
183KB

MD5
255e8db8f2fe0de64965f65acb4852f7

SHA1
88a9cd2669f17509be9754970b1a534c0db549a7

SHA256
20cfdb9272e7c6020b61b85612d818adf471608fb8632ed699a072b13fffa4ff

SHA512
fa335cacef1c6cbbd1828c8c0bf29ca7357e53c91c7148ba4913a8193ea42dcee39aff4c3292b60ebef27b5be09f29858cf66ac41570addc9d16a7a1429f9cd7

Download Submit
memory/3196-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3196-1766-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads