ea4b44c013888a31d4398d6cfb29444bf2bd7cf44259e9fe8102254332408159

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 19:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0e468dd56666d65809964cefb955f2d0_NEIKI.exe
Size

100KB
MD5

0e468dd56666d65809964cefb955f2d0
SHA1

46b786b346e391992393513f11506d1326869328
SHA256

ea4b44c013888a31d4398d6cfb29444bf2bd7cf44259e9fe8102254332408159
SHA512

90d3694c6908c5213d0a959838101174ebbf0d48912f683d545c41d6e2e2031bf189a3e1a6eb80df4fc67c451741bffbce4091e2fe0db70e3bd74f43043143d0
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPI0OSs:6rWpcOPxPke+e3fFpsJOfFpsJbgE2

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3470) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPMediaSharing.dll.mui.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tet\LC_MESSAGES\vlc.mo.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Journal\Templates\Graph.jtp.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\settings.css.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	0e468dd56666d65809964cefb955f2d0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\0e468dd56666d65809964cefb955f2d0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\0e468dd56666d65809964cefb955f2d0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
101KB

MD5
66752912bee0bba6642d0d40b897a409

SHA1
598f7369e51aede2eb8aa7f93e40319ffd361c09

SHA256
c08ae34dfc01c2284ad86ef8cfe8a6e1d2c4c4a90b97abb72d2568811c202da8

SHA512
aa7cc5ac66552ca2b2c08d5c59eddd88265cf980f504209b6cd0f53d513c96f938074813e59356e0dfb93f2729e832e10e4dcc9170f862c68453b8871e7a6578

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
bd6927f221963cf5b1b3ca77e11bdabc

SHA1
8c7e55b2196db6079a7fcd634998d77b487a15f6

SHA256
6a3e4f485f398d802626b59c7ad8add45df48c02962a4b89d316dfe85b25be41

SHA512
56543995f71a9ec9179041d46c30d7385a84c3cca9e493f1470130bda35f59cc3a301bc7e793b4dbd204ebf300c61a02c54cb1b09cda1fce09bd61f18ae37125

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads