99b283c9c3c1502267ea93eaf8bf3c7376ef26fea305ff7b8874dacce6473537

Analysis

max time kernel
150s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
Size

72KB
MD5

3893a68c030f5b57fc692a3c90bd7640
SHA1

5c85677e467784e8b645b958a36b881d326e11e1
SHA256

99b283c9c3c1502267ea93eaf8bf3c7376ef26fea305ff7b8874dacce6473537
SHA512

30210a90b8f51f9e8c75d9b40edafffa3a1df17cffc730a2ea40de14672a6ff31a1ad83d7aed513c77c5c403fd8fccf8392bc475a25f3b8d0041b73c7bd9a85d
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7try1f:6e7WpP9oVLQthbYY9oVLQthbUrt7tryp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5023) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ul-oob.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Document Parts\1033\16\Built-In Building Blocks.dotx.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-100.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN058.XML.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ul-oob.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Debug.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msvcp120.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationCore.resources.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\vcruntime140.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationUI.resources.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Quic.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationProvider.resources.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-pl.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Primitives.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ul-oob.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\catalog.json.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\WindowsFormsIntegration.resources.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms.tmp	3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\3893a68c030f5b57fc692a3c90bd7640_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
72KB

MD5
0de24b4db75d3348ec2c8b82262e9faf

SHA1
d3971af2d8a5bce6d14f8131916d44fb78ec80e7

SHA256
fe2a3558df85387cb4f593f4d9469df80e7b7fce0832d2fac617a1bd20399177

SHA512
4f465ff57ba46795fafed9c1d2666237a0d4f59618ce378b5470d25528d3cb4f56d9672cf635188158e709037346a815a74fb78e7d249f47b4a4e7db534f3e42

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
171KB

MD5
2d10cf1ccc75c6becc926ab4e6eaec30

SHA1
95193b8d9031916702871dd069b537b252a6afe7

SHA256
e288cb0872a2b69e09ce8117ae52adfd482bb4cdc6f65208e77cb858a722368c

SHA512
30475cd3355ee9fed52d30f79e5ec4c8d0a29cd29b147cbb74e568cb0923e927d9e2ec6c045f1dd9229c5ff5b1aac04903a60b756313bc4bd94e30d6989f03c9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads