Analysis

  • max time kernel
    151s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/05/2024, 00:20

General

  • Target

    7802c662bce25207cb3bd2ee66b55c50_NEIKI.exe

  • Size

    99KB

  • MD5

    7802c662bce25207cb3bd2ee66b55c50

  • SHA1

    8a40d3aa82152f809ba67102cd534529b71f8f42

  • SHA256

    24964522b46089561ff858f55fa2722c6b7d4c359c1ab9cac774899e157e3fbd

  • SHA512

    f792165e9718f39f995c6c7eb9bb889e9e3777c80b292a1ddb58d4a2747f5e99742b1096bc7e14c2ae86dc25ffd053100c914a5c8ac85d520d0c7241bbcc490b

  • SSDEEP

    1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPI0oX5WX5+:6rWpcOPxPke+e3fFpsJOfFpsJbgEQMc

Score
9/10

Malware Config

Signatures

  • Renames multiple (981) files with added filename extension

    Renaming this many files while appending a new extension to each is the pattern ransomware produces as it encrypts files across the system.

  • Drops file in Program Files directory (64 IoCs)
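The first signature above is a count-based heuristic: many rename operations where the destination name is the source name with an extension appended. The following is an added example, not code from the sandbox or the report, of that heuristic implemented over a list of file-rename events such as a sandbox or EDR file-operation log would provide. The event format, the hypothetical ".locked" extension in the constructed sample log, the PIDs in it, and the threshold of 50 are all assumptions for illustration; the report itself does not state which extension the sample appends.

```python
# Added example (not code from the sandbox report): a minimal implementation of the
# "renames multiple files with added filename extension" heuristic over a list of
# file-rename events, the kind a sandbox or EDR file-operation log provides.
from collections import defaultdict
from typing import NamedTuple


class RenameEvent(NamedTuple):
    pid: int
    src: str
    dst: str


def added_extension(src: str, dst: str):
    """Return the extension appended to src to form dst, or None.

    Qualifies only when dst is src with one or more '.ext' pieces appended
    (e.g. 'report.docx' -> 'report.docx.locked'). Replacing the extension
    ('report.docx' -> 'report.pdf'), a move into another directory, or a no-op
    rename does not count. Paths are compared case-insensitively (Windows).
    """
    if not dst.lower().startswith(src.lower()) or len(dst) == len(src):
        return None
    suffix = dst[len(src):]
    if suffix[0] != "." or len(suffix) < 2 or "\\" in suffix or "/" in suffix:
        return None
    return suffix


def count_appended_renames(events):
    """Per-PID count of renames that appended an extension, and the extensions seen."""
    counts = defaultdict(int)
    exts = defaultdict(set)
    for ev in events:
        ext = added_extension(ev.src, ev.dst)
        if ext is not None:
            counts[ev.pid] += 1
            exts[ev.pid].add(ext)
    return dict(counts), {pid: sorted(s) for pid, s in exts.items()}


def flag_mass_rename(events, threshold=50):
    """PIDs whose appended-extension rename count reaches the threshold.

    The threshold is a tuning choice (assumption); the report above fired on
    981 renames. Returns {pid: (count, [extensions])}.
    """
    counts, exts = count_appended_renames(events)
    return {pid: (n, exts[pid]) for pid, n in counts.items() if n >= threshold}


# Constructed sample log (not from the report). PID 4848 appends a hypothetical
# ".locked" extension to 60 user documents; PID 1234 is an Office-style save that
# replaces a '.tmp' name with '.docx'; PID 9999 appends an extension exactly once.
SAMPLE_EVENTS = [
    RenameEvent(4848, rf"C:\Users\Admin\Documents\file{i}.docx",
                rf"C:\Users\Admin\Documents\file{i}.docx.locked")
    for i in range(60)
] + [
    RenameEvent(1234, r"C:\Users\Admin\Documents\~WRD0001.tmp",
                r"C:\Users\Admin\Documents\notes.docx"),
    RenameEvent(9999, r"C:\Users\Admin\Desktop\todo.txt",
                r"C:\Users\Admin\Desktop\todo.txt.bak"),
]

if __name__ == "__main__":
    for pid, (n, exts) in flag_mass_rename(SAMPLE_EVENTS).items():
        print(f"PID {pid}: {n} files renamed with added extension(s) {exts}")
```

Only PID 4848 crosses the threshold in the constructed log; the single ".bak" rename and the extension-replacing save are counted or ignored as a real deployment would want. In practice the threshold should be set per environment and combined with a time window, since backup agents and installers can also append extensions to many files.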

Processes

  • C:\Users\Admin\AppData\Local\Temp\7802c662bce25207cb3bd2ee66b55c50_NEIKI.exe
    "C:\Users\Admin\AppData\Local\Temp\7802c662bce25207cb3bd2ee66b55c50_NEIKI.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4848
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1316 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:3280

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

    Filesize

    99KB

    MD5

    ad1c15c731d836852d0281926e26b1bd

    SHA1

    06918605446ecee5b51734e0a45f91e83406a821

    SHA256

    c1542b16965f296a5f1760832d68f9a5a5fd522b624305488682a4c0e55a6024

    SHA512

    ea64396b564a455b81117393fbaa00b4e73bb7a7a5251ccf2815e751283d25d1cb12254581adc1f4ef17916484a527792c7bfb8ce501dc37f923c9e80f115471

  • C:\libsmartscreen.dll.tmp

    Filesize

    99KB

    MD5

    5bd9fa90dc69745543eb1c3f419ebadd

    SHA1

    842b67a7824e8ac3b2c5c1a226903638d31b878d

    SHA256

    236cf793fcf5fa04625c9b870483c74cf54283d23f3d5120b102190fa0dfa2d7

    SHA512

    c5df07ce284e5517374ddf2ec96928d579488d17a4674138e241d21fe1e3bb40e9e5fbe9f002da3fe7ebb1fd21d4b79202fccee502924355cfd06c7b2bdbbb2f
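The digests above are the report's indicators for the sample and its two dropped files. The following is an added example, not code from the sandbox or the report, that hashes files under a directory and matches them against those digests, which is how a responder would confirm whether a file found on a host is the sample or one of its artifacts. The MD5 and SHA-256 values are copied from this report; the directory-walking helper and its 1 MiB size cap are assumptions for illustration. SSDEEP fuzzy matching needs a library outside the standard library and is left out.

```python
# Added example (not code from the sandbox report): hash files under a directory and
# match them against the digests listed in this report.
import hashlib
import os

# Digests copied from the report above: the sample plus the two dropped .tmp files.
REPORT_IOCS = {
    "sha256": {
        "24964522b46089561ff858f55fa2722c6b7d4c359c1ab9cac774899e157e3fbd":
            "7802c662bce25207cb3bd2ee66b55c50_NEIKI.exe",
        "c1542b16965f296a5f1760832d68f9a5a5fd522b624305488682a4c0e55a6024":
            r"C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp",
        "236cf793fcf5fa04625c9b870483c74cf54283d23f3d5120b102190fa0dfa2d7":
            r"C:\libsmartscreen.dll.tmp",
    },
    "md5": {
        "7802c662bce25207cb3bd2ee66b55c50":
            "7802c662bce25207cb3bd2ee66b55c50_NEIKI.exe",
        "ad1c15c731d836852d0281926e26b1bd":
            r"C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp",
        "5bd9fa90dc69745543eb1c3f419ebadd":
            r"C:\libsmartscreen.dll.tmp",
    },
}


def digest_all(data: bytes) -> dict:
    """MD5, SHA-1, SHA-256 and SHA-512 hex digests of a byte string, lower-case."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(data: bytes, iocs=REPORT_IOCS):
    """Return (algorithm, label) pairs from iocs whose digest matches data."""
    digests = digest_all(data)
    hits = []
    for algo, table in iocs.items():
        label = table.get(digests[algo])
        if label is not None:
            hits.append((algo, label))
    return hits


def scan_tree(root: str, iocs=REPORT_IOCS, max_size=1 << 20):
    """Walk root, hash every readable file up to max_size bytes (assumed cap;
    the artifacts in this report are 99KB), and return {path: hits} for matches."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_size:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or vanished file; skip rather than abort the scan
            hits = match_iocs(data, iocs)
            if hits:
                findings[path] = hits
    return findings


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_tree(root).items():
        print(path, hits)
```

Treat a SHA-256 hit as the authoritative match; MD5 is included only because the report lists it and older indicator feeds still carry it. A file that is 99KB but matches none of these digests is not cleared by this check, since an encryptor that rewrites files produces different digests on every host.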