632f259cb6f6f119bb06512526291d59a6d6b722f672df7b7878f59c09d5407f

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68869cb6f478b460c94645f2b9609690_NEIKI.exe
Size

84KB
MD5

68869cb6f478b460c94645f2b9609690
SHA1

4f41386420852d3e4cecf2e87aef56251479e637
SHA256

632f259cb6f6f119bb06512526291d59a6d6b722f672df7b7878f59c09d5407f
SHA512

2191997a258f9ed2249cedfb0daaa188be8a5e74adc564a373020a97b0b2fa7dabee4da422f7cadd4388938c30a640403df055c7e5aa2e9c930cf7cc6437fcc3
SSDEEP

1536:W7Z2sspApkZrZnZrZHZrZ1iqktYtlXGkR2SfXGkR2SErk:62ssWpQXGkR2SfXGkR2Sh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3456) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\slideShow.js.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	68869cb6f478b460c94645f2b9609690_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\68869cb6f478b460c94645f2b9609690_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\68869cb6f478b460c94645f2b9609690_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
85KB

MD5
bde91c2a4df973e3f49676558b938b9e

SHA1
a172d73eae22ebb48f84343c715f4d08e387ff0b

SHA256
2386e24afc284c554361832bd69e90373e5edf89e41c65881c0123d3a7dd2591

SHA512
6daf16500caf640569b0c7bb390e779e7a643baccc5a13b7844f3a911609b41932f71cf11036aa5206349467f81de2ae89f7f38080755aeee9ae97e5f3cf652a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
fd92659b04c86f8650896f04ba8db66b

SHA1
79fa34aa488b680d135786c745353aa8abfb0948

SHA256
de57ecfb85a13078c92fa02ba33d982eb266a6fd1fcb0039274fa728a5b2b95a

SHA512
56dc832707783d72bd95506f72d77e185cbc1d0091e738959d99cb9a3a251731329c0abea7ec72d74612c8506484c70a2ea2e2f7040ddd2d662d24ffeb0613be

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads