a71fd968f8907f19eaf91cd354fcacb7829d138f185296ac24761ef070ddf4d3

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 02:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
Size

119KB
MD5

ae78def10ada2b71d0c5576c8276e260
SHA1

22d9851cbe20016b48597bd052afc6d6579a6a80
SHA256

a71fd968f8907f19eaf91cd354fcacb7829d138f185296ac24761ef070ddf4d3
SHA512

eb557c61be8c45442d7982acf98def0263459a4957f9a69a63fb6685e6019d1a362379c174391a30e537ccf9bf8c6fa330a99ad55271c32b21f251eaf6f37470
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIu4:JiQSo1EZGtKgZGtK/CAIuZAIu4

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3439) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2876-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000013413-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2876-646-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\gadget.xml.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jre7\bin\javafx-font.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\ae78def10ada2b71d0c5576c8276e260_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
119KB

MD5
6983d9bbf87f922dc6c8df7eb844fc97

SHA1
db9a0156085a281010b7e765d7ada6ff371c0623

SHA256
11fbd0d73de1d16df61cc308f765ec4deaf9749f969ad9a0caa1940b4a615f5a

SHA512
6fc9c84e2b2435c7a9177db8a9918a55b8246e2ca3576ecefd63544be68592d310e84c583d348e5e79c627131951cf8cb4fe65ccf9fd08a310177029fb47370d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
128KB

MD5
b318ad999195f973442166d6c02264d1

SHA1
fa1c1cbf14921693e6b656d8189cea0d786684be

SHA256
17aa8dbdf65878c068eb2e655c34a94415578ab605059a9a82d1cd8d9bf64e5b

SHA512
959d448e4c370c661ec1b127a60dd20993075668ae46c60fa87fe0480ee60e7e448a4920d754a81341eee7462bb3b5e999519b9c38dd23985e092e92842cb74f

Download Submit
memory/2876-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2876-646-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads