346164fdc5c43a8049fd0bdc082f31f1af81d840330d87c7a6b76c37c31a19df

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1219fefe55150361872540a4f600d830_NEIKI.exe
Size

78KB
MD5

1219fefe55150361872540a4f600d830
SHA1

3b0faa98c00f580fdfe55df7fa3cfb9efdae2a80
SHA256

346164fdc5c43a8049fd0bdc082f31f1af81d840330d87c7a6b76c37c31a19df
SHA512

ddfcc191c15d31803ec6fd98f28870de61f4edd5edbbc731ea065bca2dacaf6c350e507bbbb6da1733d1b22c4723ed7072687171b79a59a8a2e87bc78188dc44
SSDEEP

1536:W7ZDpApYbWjIlE77ufL6YRYvQFrxFrN6v:6DWpwE7oL6uFrDrA

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5029) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClient.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.png.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSQRY32.CHM.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.CodeDom.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Xaml.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\en-US.pak.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceProcess.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Edit.White.png.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ppd.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellLayoutModel.bin.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClientSideProviders.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_iio.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-oob.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Input.Manipulations.resources.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Transactions.Local.dll.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	1219fefe55150361872540a4f600d830_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\1219fefe55150361872540a4f600d830_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\1219fefe55150361872540a4f600d830_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:4640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3726321484-1950364574-433157660-1000\desktop.ini.tmp

Filesize
78KB

MD5
7433b49dfb8b5278ba2631052d2da4d1

SHA1
21106e10c008bb5a7ec375e13dd0260d48688846

SHA256
cbe3a92196477a02a635df65596c00325c1980cdb405e4de83761229f4ca10a7

SHA512
a5ce755d22e1c142dcc12b6db19b6bc0421c50c7c3269f079867e61ee16d0b97f78a533175376c16cbc15c1d7a7daf9bfd4d9154d2c3ad017c60e9b769c329dd

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
177KB

MD5
7f5e4333900ff33a67eeae91ad47e3fd

SHA1
01e3edffb51fd31844bae8693a70b9628dd3fd0c

SHA256
50e76e49275236c311122f1bb05d7710c1522271a60793bdbd7c0d574b085623

SHA512
1d8cef6f64a90a19daa6e3e404c3a20c1e08a88550532093226bd12936e3cf4f4096fa1b6c5c740846afb2c787dbb87382fc37c158ec0769fea53a996392e7cc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads