a4b1e67a65e50eebe55d8c262e442882639861aeb56bd7044223dec5ebf7829b

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
Size

76KB
MD5

389b84669c243f3f824fbb9950c7cb40
SHA1

10a17a90663c89221d46090c4cf68fb6c13a95dc
SHA256

a4b1e67a65e50eebe55d8c262e442882639861aeb56bd7044223dec5ebf7829b
SHA512

46ec5b2b89a972f27d9d9f5c97c591357530201c1f983afd458cace3661355d966a0c28920940026deb8dc95aa3cf757fd9fa194117f1408b1d7e30a54179e7f
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJd:W7Z9pApQESOHepOHe8G+6E65TGAR9v1r

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5024) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\release.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Resources.Extensions.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ppd.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ValueTuple.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTrial-pl.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-oob.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationClient.resources.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\README.txt.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Configuration.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\lib\packager.jar.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-oob.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-pl.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\es.pak.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-runtime-l1-1-0.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Design.resources.dll.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\pl.pak.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	389b84669c243f3f824fbb9950c7cb40_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\389b84669c243f3f824fbb9950c7cb40_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\389b84669c243f3f824fbb9950c7cb40_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp

Filesize
76KB

MD5
744f7bec30b4a86342892fe30ce0079f

SHA1
c5cbcca3d6ed5abdec5d2ee432856fac1d1eaec3

SHA256
7dcc62aa3bbebccd65fe330c2e642cb8f1555d1dac3dcf5c13a1205a0318f657

SHA512
f1f49f7859be881d3a523633bb315c188f70f90b6e385f24075c4a558eb6028b546f6bc6abcd7ec0648f841a42c21e67a422d9358dad2b831d394a0b827f7e4d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
175KB

MD5
d7095ec958da4aa125a256c3b584ea25

SHA1
84686b3871b7257557acd062360b6394204308a3

SHA256
e5761423b3724ecd54f6bb7ea9c605def8f32b30b7a6c4ddf3e3b1830e11cd76

SHA512
8c4be8b13e2ee139bb150ef20121e2e6faf13216bb820269b99674021d329b76030cdb13acc156d5f461d3ea859bf3a4d55075529c7f666cb592d3bd00e0f991

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads