40b8d46c33cf7115f67effc8180d626140b312eadb76ef8fb0d2c6318bd11863

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
Size

178KB
MD5

6085c0ecb41f6903529b9e43839ffe60
SHA1

51e2a630e5ccfafb3e396d455a59e2b5ab8d8c86
SHA256

40b8d46c33cf7115f67effc8180d626140b312eadb76ef8fb0d2c6318bd11863
SHA512

951758a8a9da8309125c24e1055a1da18c676e9dc957a1d52afe5299261d2b4be21d766a921b22cabdf47b025b01e7a5006998a8ae1d9255a64b2e35adc62eb0
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmSXrw3Mtr0srI79aegeAc7:RqlIyFESWu0SWu2sG9aPE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3222) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\6085c0ecb41f6903529b9e43839ffe60_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
178KB

MD5
84bc8921a7d7dc2aef7875a519041ddd

SHA1
f97f6f58e2b64fbf567b6bcbb41558da61c2aa5b

SHA256
00b47f084ea0d9f89795d76c1bed6a18ca6d7523dc7d75dce123d601f43064d6

SHA512
03be035b999828edffe9b720aabf6e099cb47f827427b64671e8b397d821576043d174d4fa17d1f14c9bcb3e81d76f0cebfa2e898855479a6d342a6c5474a39f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
187KB

MD5
7ddfb315c3a5c505346485e0c93d291f

SHA1
396a63eb55753e5d904bde9457c215613e6d37e4

SHA256
38f8ef96fbb00b69087e50f42bc5bac63f2f6be6bbb42c696c7fffe4bdea4113

SHA512
a6ee0cd74bfc249a429b30fa6d1a3b5beb1584092e7361b281551b55d7ad3ca0d36323257d0697b1eae95b5f5a57244cd36fac272876cc629e155c451ebbec0a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads