46edb7e95fc88e60e50c413f4c324f05acbfedabcfc611d74ef1b75a5863a853

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
Size

74KB
MD5

7dcc62dcece8267ccc69ab0615477d30
SHA1

039e89c11c6d5429033edf6027c2801c99dd3b0a
SHA256

46edb7e95fc88e60e50c413f4c324f05acbfedabcfc611d74ef1b75a5863a853
SHA512

d7436cb99a0d1567f2c71985580d15d78ea5f80d3bc7beaa0e2bc6b988d8404d30c4a2eb54fe5a87a82a6321be3b0889c674de7fac4e47fd55ace677943a4d13
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJx:W7Z9pApQESOHepOHe8G+6E65TGAR9N

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5013) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN082.XML.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.White.png.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Primitives.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PowerPointCombinedFloatieModel.bin.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-pl.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-ppd.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-pl.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceProcess.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet.xml.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-pl.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\ReachFramework.resources.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-140.png.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ppd.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_F_COL.HXK.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationUI.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\7dcc62dcece8267ccc69ab0615477d30_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:3128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
75KB

MD5
7a14759d114252c0c955195a1b74d421

SHA1
4707f4c86a74ae3776bf6548768f933a311e6d09

SHA256
97140f7c2b4ef05157c6c0531dcfeab44fa624810e083bcd042e3671003e1dcd

SHA512
216f3849e0f8083cd1bbc5b1f3c97e68d5cc84b1e7fc0b076331c8df98fe18a9853192b434e408c805a148566f427160bade3da004ae90e8b08b2b0e8a034763

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
173KB

MD5
1212670b97b4026c3e792984347d7594

SHA1
1739c0cd82d8ffa07a2104ea4a9f59639d05288e

SHA256
cc14d30345f1b3a40c6627a9b94b41353b377ea5181d7a74e8b421e42a0c484b

SHA512
d035a1bb78bfb03bf37928c3f672c7d3e5850411e28769c37207a678d9d96f2d4c596b5b2cec4cb640b3b931a6f22da9f58b20b3b3457e3dd4751a2fea3aa222

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads