a71fd968f8907f19eaf91cd354fcacb7829d138f185296ac24761ef070ddf4d3

Analysis

max time kernel
149s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
Size

119KB
MD5

ae78def10ada2b71d0c5576c8276e260
SHA1

22d9851cbe20016b48597bd052afc6d6579a6a80
SHA256

a71fd968f8907f19eaf91cd354fcacb7829d138f185296ac24761ef070ddf4d3
SHA512

eb557c61be8c45442d7982acf98def0263459a4957f9a69a63fb6685e6019d1a362379c174391a30e537ccf9bf8c6fa330a99ad55271c32b21f251eaf6f37470
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIu4:JiQSo1EZGtKgZGtK/CAIuZAIu4

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4850) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4180-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000c000000023b5b-2.dat	upx
behavioral2/files/0x0007000000022971-6.dat	upx
behavioral2/memory/4180-1682-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationClient.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\xjc.exe.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr3jp.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-phn.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Xaml.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ul-oob.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ValueTuple.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Facet.thmx.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebSockets.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationCore.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ul-oob.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\ReachFramework.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Trial-ppd.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.CompilerServices.Unsafe.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.RegularExpressions.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Primitives.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlDocument.dll.tmp	ae78def10ada2b71d0c5576c8276e260_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\ae78def10ada2b71d0c5576c8276e260_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\ae78def10ada2b71d0c5576c8276e260_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:4180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-17203666-93769886-2545153620-1000\desktop.ini.tmp

Filesize
119KB

MD5
a46047b716d02fb9d9dd84e53f422af0

SHA1
c29937b8da3cb4a7d9544b60aead9a9a81575004

SHA256
fc160a3c0f2b9921f3cdcef5cfae62667dedf022554a5995bad4afa17d819c89

SHA512
218b967691ad7ab428994040609f53173ff049122497a3c9f9d81b4d16b77cf82bdc82d60505f9d251a8c33393e399e23be20c18dd7ecb730b4e96dde019cf4e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
218KB

MD5
cbbdab8c82a92415125f3a8323bedf29

SHA1
e5adfb15ec2124fbc95c18c749abd5b726f28a8e

SHA256
1db6e2ac2ca63fc66eb02ed9ddaa42186a98f5203c1aed4521e85af747516956

SHA512
3ba67ee08e35d86d21b3f2c801b1e5ffb3c0cfabf81e832a784712ac2e1cf1fdcfd2c0b088be0c8539fc6bc7dc84c7ac606d69b3573e88fc3e74c8b277cc9270

Download Submit
memory/4180-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4180-1682-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads