644f98aea11238ff95a1a1bd0d3dffca4345fa00a586d112dd36b0a78404d57c

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
Size

80KB
MD5

7e4aff1c2e53b193ca76559f66e41940
SHA1

98ee9565c4e7eab17c49b8709f598a9e61f19853
SHA256

644f98aea11238ff95a1a1bd0d3dffca4345fa00a586d112dd36b0a78404d57c
SHA512

6cd7e8fe694d24032d29f2f959dec732df4b004bfede092ad2569a55b67a03896f562d8a6f114d9c5c9e6acbe52c9571ee84109e960f1b6446ef84373a5e2021
SSDEEP

384:GBt7Br5xjL8AgA71FbhvUf2OkxN2Okxj/zFd1vqFd1vlbLbK:W7BlpQpARFbh2UM/zX1vqX1vw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3572) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SaveAsRTF.api.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcroppadd_plugin.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Journal\es-ES\JNTFiltr.dll.mui.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\flyout.css.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent_partly-cloudy.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Journal\MSPVWCTL.DLL.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\7e4aff1c2e53b193ca76559f66e41940_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
81KB

MD5
8d34b56468328ed17776dc29f83b0ea4

SHA1
3b5a76192cf9e538275239e0c3f10013e6febf72

SHA256
5f6e87a3032af05cb274143951dba9215e15e413f59898025c50d83388d58c45

SHA512
70e681abe1799b480386dd493959f12e697aec69257cf0265f1d5753b0016f81b9f5917523c9a40455d403190bbdb9032eb63294230b892c5ee37ddd8895d92a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
2c5406fb58664ddb4779971e5f11bb9e

SHA1
e28793da39e90f6d129a9cee374d242f93ddaf27

SHA256
36b4b9e0f444ae4c67f212c1ef8a93eff3a367494e835f65a17cf6c6a1133605

SHA512
61f5d57d65a864cb782d37fcdeaae96b7749a0f03dd55164145ba61f900ffd2196583b48e27251510e59d610364845a844cbea97f8455f5aeeb4e207ee61e81d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads