cde1829aa846cf65afc4839eb6e7df0f7811bb0a43d8eab29cd23045d3ae83b5

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
Size

297KB
MD5

88522cfd871a8d5d6825e03305fd26a0
SHA1

7c401c11ba165b243ab14fac5cd5a78b878e811e
SHA256

cde1829aa846cf65afc4839eb6e7df0f7811bb0a43d8eab29cd23045d3ae83b5
SHA512

01dab607f3e6860ac938268b99144b5ea4d94fd3d71dac061bd70d67bd4888cb573e0d1f224dcd3bb16cb29fc0f7153a53072576b90268a591edf8ee163f3263
SSDEEP

6144:RqKvb0CYJ973e+eKZ56itOImvjngu7/BRXF8z/LYIXiY2+8AFC:vvbxYX7Z56OOrvLLe7LYIXiY2+zFC

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (1002) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Tools.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\msquic.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.Primitives.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\ReachFramework.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\UIAutomationClient.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemXmlLinq.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XDocument.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorlib.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Encoding.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Forms.Primitives.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\WindowsBase.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.Process.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationCore.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Royale.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\DisconnectClose.zip.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\WindowsBase.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\coreclr.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Registry.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Xml.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.TextWriterTraceListener.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\PresentationUI.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\PresentationCore.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\ReachFramework.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.X509Certificates.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\PresentationCore.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Diagnostics.FileVersionInfo.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordaccore_amd64_amd64_6.0.2523.51912.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.StackTrace.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\PresentationCore.resources.dll.tmp	88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\88522cfd871a8d5d6825e03305fd26a0_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:3912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
297KB

MD5
18294b5c9b678a28bcd67354e98ebd52

SHA1
38361f36abe70e6420fd5afce03731c80b3d2b75

SHA256
bec70e8b44b3e97292910ec17b10b3606cf04a3df389757cd6cea70e0b9b6c88

SHA512
9825b031908e56df16b56b8452cf7a26c375abb4436a8161e5663a827bcad74550400f716a51b7ba412213d220bafac01f95400f0fb371acc4f03c5d00e26e7d

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
297KB

MD5
9724b94a7d54e5aa35ac9a33a099b332

SHA1
ab21e387ef08c79fd18baddeea8507a91dcafe7d

SHA256
b6cadfa690f5dae08b28673b7913a5e2e3163133d5a3a7f2e37903f667c1a300

SHA512
6c4c088baf21e5bff442cba2d6001feae7894dd47ed04424323f3ec9192cadc10f33970e473f0029efb81560927e353cf078d6938e1331a89dafa38d1882ce39

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads