70b030374702bf8921b8b0469389a37e1691bd3aff1a7d98fd46933ab357ef72

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e465e048ece353b550c0a2137fff6380_NEIKI.exe
Size

296KB
MD5

e465e048ece353b550c0a2137fff6380
SHA1

9897dde7e007cf628bd1640eab37dc4b3c15b571
SHA256

70b030374702bf8921b8b0469389a37e1691bd3aff1a7d98fd46933ab357ef72
SHA512

2c3683ca1a6e60ab93ad91d3952fb337ab85ac91d9a313fc54a8528c836956cdbfa543fe10166bc146688f7d1908677ff8f1411e1630bbc49dd98b26690ca196
SSDEEP

6144:RqKvb0CYJ973e+eKZ56itOImvjngu7/BRXF8z/LYIXiY2+8AF/:vvbxYX7Z56OOrvLLe7LYIXiY2+zF/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4366) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\nb.pak.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-oob.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Design.resources.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-pl.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-pl.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.IO.Packaging.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationUI.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXC.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.ThreadPool.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Primitives.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Grace-ppd.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Accessibility.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul-oob.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Formatters.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.DiaSymReader.Native.amd64.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\da.pak.tmp	e465e048ece353b550c0a2137fff6380_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\e465e048ece353b550c0a2137fff6380_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\e465e048ece353b550c0a2137fff6380_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3726321484-1950364574-433157660-1000\desktop.ini.tmp

Filesize
296KB

MD5
35f720b631695ce145a3bb49049c2e42

SHA1
69c6237b6d09dac9cc19bdeed3ae6126eef7d787

SHA256
24f4389b712dd332957d492c07051e5e077d837582974fc6c53b9040dce20f63

SHA512
d8a055a1bb5197754a9000767c1875f02733e63b9bdce2a681ab662c65bd33fe2cae3e66e698d5914367d0e27ee3a902dea0d325c5fa8f0f1b761d6ea7f36dc8

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
395KB

MD5
eb46f8c9e112a76970a5b0763dbd4c3d

SHA1
dc3103f06d3e179407460e553ab1d7aff4a96739

SHA256
a1d9f4da3f2236abecb70a27b4e2a85211de6e29a49d46971eec3e711d95caa4

SHA512
b8eec11be6188a99a36e4f69b37e2a8fe7df7f5c2dab38122574081eafad075e9a0986d89b784bac7e7ef0381e0b1a90517f48735970a23ae2bb28bcda1c3eb8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads