c0241f8efd18f8636017f7b2ac0a0b8b51f26a6af99c77a30dd82e086d53627c

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
Size

68KB
MD5

d6f11e886e506bc7ba3cf28245b7f900
SHA1

39f49fb4e53aa83d78d343fca1e6e4043ffa075a
SHA256

c0241f8efd18f8636017f7b2ac0a0b8b51f26a6af99c77a30dd82e086d53627c
SHA512

c25b2b1c9b1823feb684b1deb8c02c1f78b49bb6e1dc60bbc45a0decd365292312d09156bf085868428a2d25ecea82489a29632bcccad783b4e12d875cb33dcc
SSDEEP

1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhc:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsp

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5006) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationCore.resources.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClientSideProviders.resources.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationCore.resources.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\Office16\SLERROR.XML.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+NewSQLServerConnection.odc.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ml.pak.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSQRY32.CHM.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.DataSetExtensions.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ko.pak.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-pl.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Quic.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-2-0.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\msipc.dll.mui.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Parallel.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\jvm.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-RS\msipc.dll.mui.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFUI.DLL.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationFramework.resources.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Configuration.ConfigurationManager.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-pl.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe

C:\Users\Admin\AppData\Local\Temp\d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\d6f11e886e506bc7ba3cf28245b7f900_NEIKI.exe"
1⤵
- Drops file in Program Files directory
PID:3884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-877519540-908060166-1852957295-1000\desktop.ini.tmp

Filesize
68KB

MD5
aa70547d190fe6f117839cfa0a601921

SHA1
96e1b5423c964d16e53c0509b86cb88301bc03a9

SHA256
2ce488c5b0366217d205bcd27ad2af667aa4a4d3a365a10c16b43fdb4275ad42

SHA512
5ea6dfbca813ff85b8da5ef75c96193e19c11ea981df3591dc1c88b106edd1249e8f1a14f9bd5552241e42734dcee8330df7210f45eeca94c64c524dd4d5824f

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
167KB

MD5
a2771ed3e62641f0d8bfb78fe21d9d4b

SHA1
cb5612a61a6ce881d849f83fd85ab2a164f88647

SHA256
2a42228a0bdf338929d73fc7f922ea9c90c94ac3c8a47c24feb220bd011cab1e

SHA512
98a0295a6abe6c0cac765dd3dd30512297848206aabd867cbd8d845b7453d589eed8f94cb15efdeb107c81be81c6b0e285dcbdf79bbf381566e0cebd718b15b3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads