46e09f548420d3cadf6db4010d96ef83bee2ecd39a96c1b763e672c8907051ab

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
Size

94KB
MD5

31d404b461fa0f153b8ea4a215cee5c0
SHA1

2dc025fe5548e6a41a5d2483328585dc3a504895
SHA256

46e09f548420d3cadf6db4010d96ef83bee2ecd39a96c1b763e672c8907051ab
SHA512

7530f5c75d4ad13fd00cc37fb9ee20651684000645a43035309ba32f2941c9f27f0e69ffc14346779d962afbe8a241473c6ae0871e458fa8f928e4a6c4188426
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN5BV:6rWpcOPxPke+e3fFpsJOfFpsJbgEv

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5021) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-140.png.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning.png.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sv.pak.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-pl.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Forms.Primitives.resources.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.stats.json.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-pl.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-phn.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.png.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationProvider.resources.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Timer.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-pl.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TraceSource.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Cryptography.Pkcs.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\ConnectMount.odt.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-ppd.xrm-ms.tmp	31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\31d404b461fa0f153b8ea4a215cee5c0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2818691465-3043947619-2475182763-1000\desktop.ini.tmp

Filesize
94KB

MD5
b2ba52bf6f8c67a31f7224ceeaef54c3

SHA1
cfc99eb26214184941eb7ea56d341541e1957889

SHA256
cf8da76120e86bd10088aac9339dc96aec5de1774d9f6abf38c54971d9e889e0

SHA512
ef2daa3a30645c08b60bba84d8f6bb3e03fa903bf6e9ba047ddfbeb85b882757ef4ed2604bf8c9bd9a48b54f8f840a39a3f896960005915391d91c34ba73645e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
193KB

MD5
d19abd88f5798e1e81182f967f58f911

SHA1
81a82c4dd74d57cec62c4bcfc28ffc11ceaf3705

SHA256
eb048eb8ddce2e5c7e61f46cc1a6c6dfa1cf1cc5c05881ecb4eae5d1f3d5a0d7

SHA512
0263719d4b3b0f5cac7b0ee488b9e09e43a31c7f39e05c19a063dcfe760f194f907e27d5e6546344cc3d18f97c7596ac79716bfd8e6fcff32177186eaa9b9bf4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads