99b283c9c3c1502267ea93eaf8bf3c7376ef26fea305ff7b8874dacce6473537

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07-05-2024 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
Size

72KB
MD5

3893a68c030f5b57fc692a3c90bd7640
SHA1

5c85677e467784e8b645b958a36b881d326e11e1
SHA256

99b283c9c3c1502267ea93eaf8bf3c7376ef26fea305ff7b8874dacce6473537
SHA512

30210a90b8f51f9e8c75d9b40edafffa3a1df17cffc730a2ea40de14672a6ff31a1ad83d7aed513c77c5c403fd8fccf8392bc475a25f3b8d0041b73c7bd9a85d
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7try1f:6e7WpP9oVLQthbYY9oVLQthbUrt7tryp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3689) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\it-IT\Sidebar.exe.mui.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\kcms.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\platform.ini.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\gadget.xml.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\localizedStrings.js.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
72KB

MD5
bfb24deed85ec8cf067398d64c852241

SHA1
badf04a4bece4289295e6f981ca1ece36b69e288

SHA256
3ef59cea36c0284d29e6d0c83b9e07255f6c3439b86201871dc2cccb1270bb8d

SHA512
71986bc362783a4b91a93e9322ad7ac539b46160a21e5234f21d43c3f4f8606aa3c271b6adaee012e6e68810a67dc2d7cc6f8e2bc44fdd88eee516cf8490fa97

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
a98c305b9d0002b8552eed7377d8f1ef

SHA1
8f54554c2f633ff7ba2f4b7b2ea8213793e00abf

SHA256
49d8b9de53a722d9ad50d1a5414b664af95516cf52893581d40ed9dcb4ed6047

SHA512
09ded588b5d9d10a5b8fb0c123e0400372005e2af38375ef5fe4392a0577a211707d8fcd31d224989eb155c46b7ebb451c30885213ef1f6c167bcc47240de721

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads