4e386af94a130c62119d166a4a3009ed8ca8ac0a266a042061f436906518f980

Analysis

max time kernel
150s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
Size

59KB
MD5

1dacba7bb6884fb9e43f2bac05de2f60
SHA1

796bd40aa8a607940f0a90b882d645791ca108c6
SHA256

4e386af94a130c62119d166a4a3009ed8ca8ac0a266a042061f436906518f980
SHA512

e9444751ebba716304de43f632eeda4d5c0c4b1a2dc1cb6e3ccb2b29fbb9f155f55a9ecd0adec55f40ebd3b0eee5171d387ec790ecee13bb742d7f7d1e1737ad
SSDEEP

768:W7BlpDpARFbhYQkQjjLaMaJjYJIJDYJIJJZwNq4ukJTkJJ:W7ZDpApYbWjy0e+eaNq0T0J

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4845) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Transactions.Local.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlDocument.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\default_apps\external_extensions.json.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-phn.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.VisualElementsManifest.xml.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-oob.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\msotelemetryintl.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-manifest.ini.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN120.XML.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\flat_officeFontsPreview.ttf.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.X509Certificates.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ppd.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ppd.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL075.XML.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Windows.Forms.Design.resources.dll.tmp	1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\1dacba7bb6884fb9e43f2bac05de2f60_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:4216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp

Filesize
60KB

MD5
539f493e1a10b62cea75de67e254d8c5

SHA1
dc5cd1fce99122bd388f79c5d4841a0a73e03336

SHA256
a355678bb3d88177fd0034a37db27f8b770331c48101f4c93fc2a11e0552c034

SHA512
e1e22d6d3261e3d35394ebc8ebf2998e13c55e56181dea8d002d30616f46332d6ce636d9f741df9515f251ce10a285a174d8ba7a3b12f512c94eb3ebd327ea0f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
158KB

MD5
421afca63b5bd94f5058665202fc18af

SHA1
65cb757eeaa8d82ff9e19d1ac1e27701a0b7a1b0

SHA256
3624f0c3c0b0db9d08fb99f214f1f89ddafdac9cf174dac449ecacf731ac35c2

SHA512
df803474a69d7a0552a93fb25416b432d26a107af25b5b300cad395c08b6c89948d73e429af549ca4d1fcdb5c6f773099ae4ccdeca5055f3709f27cee41bb98e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads