a4b1e67a65e50eebe55d8c262e442882639861aeb56bd7044223dec5ebf7829b

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
Size

76KB
MD5

389b84669c243f3f824fbb9950c7cb40
SHA1

10a17a90663c89221d46090c4cf68fb6c13a95dc
SHA256

a4b1e67a65e50eebe55d8c262e442882639861aeb56bd7044223dec5ebf7829b
SHA512

46ec5b2b89a972f27d9d9f5c97c591357530201c1f983afd458cace3661355d966a0c28920940026deb8dc95aa3cf757fd9fa194117f1408b1d7e30a54179e7f
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJd:W7Z9pApQESOHepOHe8G+6E65TGAR9v1r

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Windows Mail\es-ES\WinMail.exe.mui.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Windows NT\Accessories\WordpadFilter.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\389b84669c243f3f824fbb9950c7cb40_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
76KB

MD5
5da8806e66d27817c43746cbdb5da60c

SHA1
1078ca1339f5c011405dc87ea7f0314fbc32c8ba

SHA256
e3a95a9461231a2612aad59ad7ee28b549e9eeb3d2b59bc6ec89eb997d9261bc

SHA512
cb61688d7bfc48a282ef1c8d1511878db882b2c8454820d8dfb89f7b0071777b01042f744c3fcc0a7430fac579a5765135de4abf5d11f940ef7e6b3641774673

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
85KB

MD5
73e6775b409557ad39394a5697d2e44f

SHA1
9747a9bb5b8d04f821d0aaf4fee996d4afa2cf34

SHA256
d75395dc7368513578762aeab9386f7f141ab5c7d8cd443f60ecd8fcaebdf62f

SHA512
7451b0a7733996b235270b782eb492e38580b1bab39caaf694afaa07e85f16b8a3e00db7fdef62cdacd467991dd47ad8ff0a4cd6ddfd14bfd0408d20ef5a6efd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads