Analysis

max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-05-2024 01:58
Behavioral task: behavioral1
Sample: 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
Resource: win10v2004-20240419-en
General

Target: 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
Size: 105KB
MD5: 9ea78aae270a0ef695d95915e2e548c0
SHA1: 80b3dc9e5d9f86ac7aed063e315a9e394eec43f9
SHA256: dc874de3fd00b00ba3777c0ea3b460b23bf2d75e276abc3ff277cd9945acae07
SHA512: 51c1006f73a9833053219a0558e8ca2d859d49c64a5b6f53c13b92ed09d8e5782abdfb58bea5d2b34966f8e735979f17f5a70605791fafd9f6998313d6af45a0
SSDEEP: 1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfO:hfAIuZAIuYSMjoqtMHfhfO
Malware Config
Signatures
Renames multiple (4842) files with added filename extension
This suggests ransomware activity: encrypting all of the files on the system.
-
resource | yara_rule
behavioral2/memory/4328-0-0x0000000000400000-0x000000000040A000-memory.dmp | upx
behavioral2/files/0x000c000000023b58-2.dat | upx
behavioral2/files/0x0009000000022970-6.dat | upx
behavioral2/memory/4328-796-0x0000000000400000-0x000000000040A000-memory.dmp | upx
Drops file in Program Files directory (64 IoCs)

description | ioc | Process
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Java\jre-1.8\bin\javacpl.exe.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.png.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.resources.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Retail-ul-phn.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.DataAnnotations.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-ppd.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN026.XML.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\7-Zip\Lang\el.txt.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClientSideProviders.resources.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationFramework.resources.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Java\jre-1.8\lib\deploy.jar.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-pl.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-pl.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-oob.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Loader.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\7-Zip\Lang\lv.txt.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\SmallLogoDev.png.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Windows.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ul-oob.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\db2v0801.xsl.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationProvider.resources.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Java\jre-1.8\release.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Input.Manipulations.resources.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp | 9ea78aae270a0ef695d95915e2e548c0_NEIKI.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 106KB
MD5: aee201399c3e98260f07b35147c530a6
SHA1: 4adc4ebec1fca070d18953315928769329d66a2f
SHA256: 9d10b140897763151e2f415bbaca7dfb54bb46a7c2cfacb9687d70b303bb2b02
SHA512: cf96e271f4bbf68db0b3b328828800df56f79521d79c1f8ec420964966acc82074f05721c2938f61f9e17959c41d641415de673a611f0fb8ac46c1b4148d326e

Filesize: 205KB
MD5: 70b0d2b425f39c7428cc748fd54a9b41
SHA1: 9bee1b366c9e18fcbffe53f3e2a35ceb8bcd1fb6
SHA256: 166ea61b312f5c26cb885659f52731a3ef046ca893c0fa0a64dcb5912276d3d1
SHA512: e2f758aeecaac0387387bcba461e06ff909e2ee449b0263faab83e24d1095170b63571ffa603065d31c5801cb20e3f3bcad74b3492bb0232945da7f9fa624053